Privacy Preference Center
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Strictly Necessary Cookies
Strictly necessary cookies are always active because they contribute to the proper functioning of the website and make it usable by allowing basic functions such as page navigation and access to secure areas of the website.
Performance and analytical cookies
Performance and analytical cookies allow us to understand how you interact with the website so that we can measure and improve its performance. These cookies help us to know which pages are most and least popular and to see how you move through the website. If you do not allow these cookies, we will not know when you have visited our website.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting or advertising cookies
Targeting or advertising cookies are used to track you when you visit our website. They may be set by advertising partners to profile your interests based on your browsing. If you do not allow these cookies, you will continue to see basic ads on your browser that are generic and not based on your interests.
Take me back to the page navigation
Certain services provided by this website may require the collection and processing of your Personal Data. If you do not wish to provide your Personal Data, you may not be able to access certain parts of the website, or we may not be able to respond to your request.
Personal Data Processed and Purposes
During your visit to this website, ClevAir may collect the following Personal Data:
- Your title, first name, last name, email address, postal address, telephone number
- Information on your use of the website
The three legal bases for which we are collecting your Personal data is your consent, our legitime interest and our legal requirement.
Those Personal Data may be collected for the following purposes:
- Based on your consent: for the creation of your account, to contact us via the contact form, for ClevAir to respond to you
- Based on our legitimate interest: to analyze the website performance, to improve our services and our website functionality
- To meet legal requirements (i.e. to respond to legal investigations)
- Based on your request: To send you Case Studies or any relevant content
Personal Data Disclosure
We will not sell, share or otherwise distribute your Personal Data to third parties except as providing in this Policy. ClevAir may share your Personal Data with the following third parties: subsidiaries and other group entities of ClevAir; to our partners, co-contractors and subcontractors to ensure the proper execution of the website and services; to public or governmental authorities if required by law.
Personal Data Transfer
The third parties to whom we may transfer Personal Data may be located outside the country in which we process your Personal Data. If this is the case, and if the importing third party is located in a country that is not considered to offer an adequate level of protection for Personal Data according to EU data protection law or other applicable data protection law, then we will implement appropriate procedures and measures to ensure an adequate level of protection.
Personal Data Retention
Personal Data will not be kept longer than necessary for the above-mentioned purposes. This means that Personal Data will be deleted as soon as the purpose of the processing of Personal Data has been achieved. However, ClevAir may retain Personal Data longer if this is necessary to comply with applicable law requirements, or if it is necessary to protect or exercise our rights.
Personal Data Security
ClevAir implements a variety of security measures in order to protect Personal Data from security incidents or unauthorised disclosure. These security measures are based on appropriate industry security standards and include, inter alia, access controls, password, encryption and regular security assessments.
Your Privacy Rights
As may be relevant according to applicable data protection law, you may request access, to be informed, rectification, deletion, portability of your Personal Data, limitation or opposition to the processing of your Personal Data or withdraw your consent. You also have a right in relation to automated decision making and profiling. Please note that the exercise of such rights is not absolute and is subject to legal limitations.
If you have any concern about your Personal Data or want to exercise your rights, please contact us.
You also have the right to lodge a complaint with your local supervisory authority or the competent regulator if you consider that the processing of your Personal Data infringes applicable law.
Take me back to the page navigation
What are Cookies?
Cookies are small files stored by most internet browsers to track visitor information and enable ClevAir to make its web-offering more relevant to you. During your visit to our website, ClevAir uses four kinds of cookies. Their retention period depends on each country and the relevant application law, but we will store it for a minimum of six months according to the Norwegian data protection authority guidelines.
How do we use them?
- Obtain information about your browser settings, domain name, internet service provider, your operating system, the date and time of access, location, type of device used to access the website to access our website and conduct system administration
- Get information about other websites you have visited or the type of searches you perform to refine your experience
- Prevent fraudulent activity and improve security
- Know and analyse your browsing preferences and the products you are interested in
- Associate your previous website behaviour once you have registered with your details on a ClevAir website to business and technical purposes
What types of Cookies do we use?
- Strictly necessary cookies: these cookies are necessary for us to provide you with the basic functionalities of our website and cannot be switched off in our systems.
- Performance and analytical cookies: these cookies allow us to count visits and traffic sources in order to measure and improve the performance of our website.
- Functional cookies: these cookies are used to provide enhanced functionality and personalization during your visit.
- Targeting or advertising cookies: these cookies may be set through our website by our advertising partners to build a profile of your interests and propose relevant adverts.
How to manage Cookies?
- Each type of cookie reflects a specific purpose, on our website you can easily consent specifically to each purpose. By accepting all cookies, you will have a fully personalised web experience. We allow you to choose which types of cookies you accept or block, but it may impact your experience on the website and the services we offer (as mentioned above). Nevertheless, you can use the service even in case of refusal to consent to some cookies, except for strictly necessary cookies. At any time, you can withdraw or modify your consent by going on the “Cookie Preferences” page.
- The way to give your consent specifically to each purpose, or to accept all cookies will depend on the applicable law concerning cookies in your country and be easily found and explained in the cookie banner.
- If you are not interested in the advantages of our Cookies, the “Help “function of your browser can provide instructions on how to prevent Cookies or delete existing Cookies. Also, you can learn how to block all new Cookies on your browser and which configuration steps are required to receive a notification about new Cookies.
- Very helpful information on Cookies in general can be accessed on these websites: http://www.allaboutcookies.org/ or https://cookiepedia.co.uk .
Social media plug ins
Social media plugins are a part of certain web pages of ClevAir, and exist for social media providers (“Provider”); that is to say Facebook, Instagram, Twitter, LinkedIn, Google+, and Youtube. When you visit a page by clicking such a plugin your browser will connect to the respective social media server. At the same time, the Provider will know that you visited our website prior to landing on the social media site. If you are registered and have logged in with the relevant Provider, your visit can also be linked to your user account. The Providers in general do not provide specific information about which data are transmitted in the use of their social plugins. We, therefore, have no definitive ability to verify the content and scope of the transmitted data or its use by such Providers. For further information about this, please consult the data protection stipulations of the relevant Provider. If you do not wish a Provider to collect data on you through our website, please deactivate the plugins in your web browser. If you wish to avoid a link to any existing user account, you must log out of the social media web page before your visit to our website.
Third Party Links
This Policy applies solely to the use of this website. We may provide you with links to third party websites that may be of interest to you. However, please be aware that ClevAir is not responsible for the content and availability of such websites and cannot guarantee the privacy practices of such websites.
For any questions, comments, or concerns about this Policy, or in order to exercise your privacy rights permitted by applicable law related to Personal Data, please contact our Data Protection Officer at the following e-mail address: firstname.lastname@example.org
Valid from: December 2022
Take me back to the page navigation
ClevAir is incorporated under the laws of Norway, as a data controller, with its registered address at Grenseveien 21, 4313 Sandnes, Norway, and operates with its affiliates located around the world (collectively referred to as the “Company” or “we” or “our”).
By “Personal Data” we mean any information relating to an identified or identifiable natural person.
By “processing” we mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal Data: any information from which someone can or could find out your identity, such as your name, your address, email address and the like. This Statement describes the ways in which we Process the Personal Data we obtain from you through a website or application that is owned or operated by ClevAir or any of its affiliates and subsidiaries ( “ClevAir” or “We”). This Statement applies solely to Personal Data collected by ClevAir online, such as through a website, through e-mail and other online tools and applications, but not to offline collection.
Please note that the information or services provided here by ClevAir are directed at adults only and not at children under the age of 16. We do not knowingly collect Personal Data from anyone under the age of 16 online. Any person who provides their Personal Data here represents that they are 16 years of age or older. If you learn that your child has provided us with Personal Data without your consent, you may alert us as described in the “How to contact us” section below. If we learn that we have collected any Personal Data from children under the age of 16, we will promptly take steps to delete such information and delete the child’s profile.
Policy's Applicable Law
The Company undertakes to comply with the applicable data protection law (“Applicable Law”). Thus, depending on the countries where the Company is established, the processing of Personal Data will be subject to the local Applicable Law. Although certain requirements may vary from one country to another, the Company is particularly concerned about the privacy of Data Subjects, and this Policy constitutes a global guideline to which the Company is committed.
In particular, the Company is committed to complying with the following laws, where applicable:
- The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”). The GDPR aims to harmonise and frame the rules relating to the processing of Personal Data on the territory of the European Union in order to provide a single legal framework for professionals, and seeks to strengthen control by citizens of the use that may be made of Personal Data concerning them. This regulation applies to the processing of Personal Data for EU citizens or residents and for the activity of a controller or a processor in the UE territory.
Personal Data Collected
The Company may process the following Personal Data:
- Identity data: Last Name, First name, country and preferred language
- Contact details: email address, phone number
- Data related to user’s job: job title, Company name
- Data related to the user’s behaviour on the website
- Data related to the feedback that you provide on our product and services
Purposes of processing Personal Data
The following legal bases constitute the foundation on which the Company relies to carry out the processing of Personal Data. Other legal bases may be used depending on where the Data Subject resides and the relevant Applicable Law.
Some processing of Personal Data may be based on the consent of Data Subjects. The processing of Personal Data for this purpose may involve:
- Marketing purposes such as sending newsletters and information about products and services offered by the Company
- To improve the performance of our website
- To advise and interact with you : for the creation of your account, to contact us via the contact form, for ClevAir to respond to users, to send you case studies and relevant information about the product
The processing of Personal Data that the Company carries out may also be based on the execution of a contract or pre-contractual measures with Data Subjects. The processing of Personal Data for this purpose may involve:
- Fulfillment of our contractual obligations towards Data Subjects
- Provision of after-sales service after the purchase of a product by a customer
- Claims management
The Company may also process Personal Data based on its legitimate interest, in particular in order to improve our products and services, customer experience and internal processes. The processing of Personal Data for this purpose may involve:
- Conducting statistical/usage analysis
- Performing internal administrative functions
- Processing customer requests
- Prevent fraudulent activity and improve security
- Relationship management with Data Subjects
- Evaluation of the relevance of our products and services
The Company may also process Personal Data in order to respond to legal requirements. Processing based on legal requirements depends on the Applicable law.
Retention of Personal Data
Personal Data will not be kept longer than necessary for the above-mentioned purposes. This means that Personal Data will be deleted as soon as the purpose of the processing of Personal Data has been achieved. However, the Company may retain Personal Data longer if necessary to comply with Applicable Law, or if necessary to protect or exercise our rights, to the extent permitted by applicable data protection law.
At the end of the retention period, the Company may also need to archive Personal Data, to comply with Applicable Law, for a limited period of time and with limited access.
These retention periods may vary depending on the country where the Data Subjects reside and in accordance with Applicable Law.
Disclosure of Personal Data
The Company may share Personal Data, subject to your consent or other relevant legal basis, with the following third-parties:
- Other companies of our group such as subsidiaries and affiliated companies
- Trusted business partners providing services on our behalf, such as for technical support, for marketing purposes or for other types of service delivery
- Governmental authorities and public authorities, as far as this is necessary to provide any services that have been requested or authorised, to protect customers, contractor and partners’ rights, or our or others’ rights, property or safety, to maintain the security of our services or if we are required to do so because of Applicable Law, court or other governmental regulations, or if such disclosure is otherwise necessary in support of any legal or criminal investigation or legal proceeding
Depending on Applicable Law, we implement contracts with some third-parties to ensure that Personal Data is processed based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
Transfers of Personal Data
The above-mentioned third-parties such as affiliates and subsidiaries, as well as business partners, public authorities to whom we may disclose Personal Data, may be located outside of a Data Subject’s country of domicile, potentially including countries whose data protection laws may differ from those in the country in which Data Subjects are located.
If Personal Data are processed within the European Union/European Economic Area, and in the event Personal Data are disclosed to third parties in a country not considered as providing an adequate level of protection according to the European Commission, the Company will ensure:
- The implementation of adequate procedures to comply with Applicable Law, and in particular when a request for authorization from the competent supervisory authority is necessary
- The implementation of appropriate organisational, technical and legal safeguards to govern the said transfer and to ensure the necessary and adequate level of protection under Applicable Law
- If necessary, the implementation of Standard Contractual Clauses as adopted by the European Commission
- If necessary, take supplementary measures such as completing a data transfer adequacy assessment if, after evaluation of the circumstances of the transfer, and after evaluation of the legislation of the third country, it is necessary for the protection of the transferred Personal Data.
If Personal Data are not processed within the European Union/European Economic Area, and in the event Personal Data are disclosed to third parties located outside the Data Subject’s jurisdiction, the Company will ensure that appropriate safeguards are in place to protect Personal Data by implementing appropriate legal mechanisms. Those mechanisms may differ depending on the country and relevant Applicable Law.
Personal Data Security
The Company implements a variety of security measures, according to Applicable Law, in order to protect Personal Data from security incidents or unauthorised disclosure, and more generally from a Personal Data breach. These security measures are recognized as appropriate security standards in the industry and include, inter alia, access controls, password, encryption and regular security assessments.
If a Personal Data breach occurs, and in particular if there is a breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure or access to Personal Data transmitted, stored or otherwise processed, the Company will take appropriate measures such as:
- Investigating and analysing in order to determine the consequences of the Personal Data Breach and in particular whether it is likely to create a risk for the rights and freedoms of those affected
- If the analysis shows that there is a risk to the rights and freedoms of those affected, the Company will notify the competent authority and, in case of high risk, communicate to those affected
- Implement as soon as possible the measures necessary to remediate and mitigate the Personal Data breach
- Document the Personal Data breach in order to ensure its traceability
Appropriate measures and procedures in the event of a Personal Data breach may differ depending on the country where it occurs, the type of breach and depending on the relevant Applicable Law.
Privacy rights related to Personal Data
As may vary based on relevant Applicable Law, Data Subjects have rights related to their Personal Data, such as the right to request access, rectification, erasure of their Personal Data, restriction of processing, object to processing, request data portability, to be informed and withdraw their consent for processing of Personal Data based on their consent. Data Subjects may also object to automated individual decision-making if they are concerned by such processing.
In addition, in some jurisdictions you may provide instructions relating to the retention, communication and erasure of your Personal Data posthumously.
The exercise of such rights is not absolute and is subject to the limitations provided by Applicable Law.
Data Subjects may have the right to lodge a complaint with the local supervisory authority or the competent regulator if they consider that the processing of their Personal Data infringes Applicable Law.
To exercise those privacy rights, Data Subjects may contact us as described in the section “How to contact us” below. We may ask proof of identity in order to respond to the request. If we can’t satisfy your request (refusal or limitation), we will motivate our decision in writing.
Updates to this Policy
If necessary, we may from time to time need to update this Policy in order to reflect new or different privacy practices. In this case, we will post updated versions of this Policy on this page. A revised Policy will apply only to data collected subsequent to its effective date. We encourage you to periodically review this page for the latest information on our privacy practices.
How to contact us
For any questions, comments, or concerns about this Policy, or in order to exercise the privacy rights permitted by Applicable Law related to Personal Data, please contact our Data Protection Officer at the following address:
Phone: +47 51555550
Effective Date: December 2022
Take me back to the page navigation
Vulnerability Disclosure Policy
Have you found a weak point? Let us know as soon as possible.
At ClevAir AS, we consider the security of our systems, our network, and our services of utmost importance. Despite the great care we take regarding security, weak points can still remain. If you have found such a weakness, we would like to hear about it as soon as possible so that we can take appropriate measures as quickly as possible.
Weak points can be discovered in two ways: you can accidentally come upon something during the normal use of a digital environment, or you can explicitly do your best to find them.
Our Coordinated Vulnerability Disclosure policy is not an invitation to actively scan our network to discover weak points. We monitor our network ourselves. This means that there is a high chance that a scan will be detected and that an investigation will be performed by our Security Operation Center (SOC), which could result in unnecessary costs.
You are, however, invited to actively search for vulnerabilities in our products in an offline non-production environment and to report your findings to us.
We would like to work with you to better protect our customers and our systems.
We ask that you:
E-mail your findings as quickly as possible to email@example.com.
Do not abuse the vulnerability; for example, by downloading, editing or deleting data. We will always take your report seriously and investigate any suspicions of a vulnerability, even without proof.
Do not share the problem with others until it has been resolved.
Do not make use of attacks on physical security, of social engineering or hacking tools, such as vulnerability scanners.
Give adequate information for the problem to be reproduced so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability are enough, although more information might be necessary for more complex vulnerabilities.
What we promise:
We will respond to your report within 30 business days with our evaluation of the report and the expected resolution date.
We will handle your report confidentially and will not share your personal information with third parties without your permission. An exception to this is the police and judiciary in the event of prosecution or if the information is demanded.
We will keep you informed of the progress of the solution to the problem.
In communication about the reported problem, we will state your name as the party that discovered the problem if you wish.
Unfortunately, it is impossible to guarantee in advance that no legal action will be taken against you. We hope to be able to consider each situation individually. We consider ourselves morally obligated to report you if we suspect the weakness or data are being abused or that you have shared knowledge of the weakness with others. You can rest assured that an accidental discovery in our online environment will not lead to prosecution.
We strive to resolve all problems as quickly as possible, to keep all involved parties informed and we would like to be involved in any publication about the problem once it is resolved.
Take me back to the page navigation