klappir-wordmark

Privacy Statement

How Klappir collects, uses, and protects your personal data.

Privacy statement of Klappir Grænar Lausnir hf.

Privacy statement of Klappir Grænar Lausnir hf. (“Klappir”, “Company” “we”, “our”).

Our customers’ data security is of great importance to us. We are aware that some of the information collected, processed and presented on Klappir software services is regarded as personal data according to Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”). We are determined to protect our customer’s data to the fullest extent possible and have taken the appropriate steps to ensure we are compliant with the GDPR.

This privacy statement will inform you as to how we look after your personal data when you visit our website and use our Software Services and other services and tell you about your privacy rights and how the law protects you.

PURPOSE OF THIS PRIVACY STATEMENT

This privacy statement aims to give you information on how Klappir collects, processes and presents personal data through your use of our Software Services, including any data you may provide when you subscribe to, or log on to our services. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact us using the details set out below:

Klappir Grænar Lausnir hf. E-mail: contact(at)klappir.com Address: Hlidasmari 3, 201 Kopavogur, Iceland

THE DATA WE COLLECT

Personal data, or personally identifiable information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes your full name, username or similar identifier, title and user image.

  • Contact Data includes e-mail addresses and telephone numbers.

  • Transaction Data includes details about payments for services.

  • Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data includes your login details, preferences and feedback.

  • Usage Data includes information on how you use our website and Software Services.

Where we need to collect personal data under the terms of an agreement we have made with you or an entity that you represent and you fail to provide that data when requested, we may not be able to perform the agreement or provide our services.

Our Software Services are not intended for the processing of sensitive personal data and any personal data that you input as a user of the services is at your discretion and your responsibility as stipulated in the Service Terms.

Klappir does not knowingly process any personal data of any person under the age of 16. If you suspect any processing of personal data of data subjects under the age of 16, please contact us.

HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you apply for our products or services or give us some feedback.

  • Automated technologies or interactions. As you interact with our website or Software Services, we may automatically collect Usage Data and Technical Data about your equipment, software usage and patterns. We collect this personal data by using cookies and other similar technologies.

  • Third parties or publicly available sources. As you engage in our services, you may choose to give us access to your data from third-party data sources. Third parties, including customers of Klappir who have a business relationship with a company you represent, may send us your contact information in order to request to connect with a company you represent via our Software Services. We may also collect contact data from publicly available sources for business development and marketing purposes, insofar as it is our legitimate interest. Although most of the raw data collected from the third-party data sources does not consist of personal data, some of it may be relatable with an identified or identifiable individual, thus falling under the definition of personal data.

Hubspot CRM

We use Hubspot CRM tools on our website. The provider is Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA. The use of Hubspot CRM tools allows us to manage our existing and potential customer contact information across different channels and to record and analyze visitor’s behavior on our website. Hubspot’s Data Processing Agreement includes Standard Contractual Clauses ensuring appropriate data protection safeguards when transferring data out of the EU/EEA.

Pendo

We collect your Usage Data via Pendo, a tool we use to create walk through guides and for analytics purposes. The provider is Pendo.io Inc., 301 Hillsborough St, Suite 1900, Raleigh, NC 276031, USA. Please see Pendo's Privacy Policy and EU Data Subject Rights for more details.

PostHog

We collect Usage Data via PostHog, a product analytics service used to understand how users interact with our Software Services. The provider is PostHog Inc., 965 Mission Street, San Francisco, CA 94103, USA. We use PostHog to analyse feature usage, performance and user-flows in order to improve functionality and enhance the overall user experience.

Klappir uses PostHog’s EU-cloud-hosted infrastructure. All Usage Data is stored and processed within the EU and no personal data is transferred outside the EU/EEA. In this use-case, PostHog acts solely as a data processor on our behalf; we remain the data controller for the collected Usage Data. Our agreement with PostHog incorporates appropriate safeguards (including Standard Contractual Clauses) to ensure protection of data if any transfer outside the EU/EEA were ever required.

For more information on PostHog’s privacy practices see PostHog’s Privacy Policy.

Attio

We collect and manage customer relationship data via Attio, a CRM platform used to organise and maintain records related to our business contacts and customers. The provider is Attio Limited, 86-90 Paul Street, London, EC2A 4NE, United Kingdom. We use Attio to store contact information, track interactions, and manage our customer and partner relationships.

Klappir uses Attio's cloud-hosted infrastructure. Personal data stored in Attio may be processed in accordance with Attio's data processing terms. In this use-case, Attio acts solely as a data processor on our behalf; we remain the data controller for the data stored within the platform. Our agreement with Attio incorporates appropriate safeguards (including Standard Contractual Clauses where applicable) to ensure the protection of personal data.

For more information on Attio's privacy practices see Attio's Privacy Policy.

Intercom

We use Intercom for customer communications and support, including in-app messaging, live chat, and user onboarding. The provider is Intercom R&D Unlimited Company, a company registered in Ireland with offices at 124 St Stephen's Green, Dublin 2, DC02 C628, Ireland. We use Intercom to manage support conversations, send product updates, and communicate with users in relation to our Software Services.

Personal data processed through Intercom may include contact details and information shared during support interactions. In this use-case, Intercom acts solely as a data processor on our behalf; we remain the data controller for the data processed through the platform. As an Irish-registered entity, Intercom operates within the EU legal framework. Where personal data is transferred outside of the EEA, Intercom relies on the EU Standard Contractual Clauses or the EU-U.S. Data Privacy Framework intercom to ensure appropriate safeguards are in place. For more information on Intercom's privacy practices see Intercom's Privacy Policy.

For more information on Intercom's privacy practices see Intercom's Privacy Policy.

HOW WE USE YOUR PERSONAL DATA AND LEGAL BASES FOR DATA PROCESSING.

We will only use your personal data in accordance with the law. Article 6 of the GDPR stipulates that all processing of personal data must have a legal basis. Accordingly, we will use your personal data in the following circumstances:

  • With your consent.

  • When we need to perform the agreement we are about to enter into or have entered into with you. This includes providing the software services and other services and for communications relating to the agreement and other communications with you regarding our services.

  • For our legitimate interest, as outlined in this Privacy Statement. This includes when we want to send you communications about product updates, newsletters, invitations to webinars and other material that we think may be relevant to you as a user or prospective user of our services. You can opt out of these communications at any time.

  • Where we need to comply with statutory obligations.

COOKIES

You can set your browser's settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For further information on how we use cookies, please see our Cookie Policy.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is lawful and compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

TRANSFER OF DATA

We may transfer your personal data to third parties, such as cloud storage services, to make it possible for us to provide you with our services. Some of these parties may be located outside of the European Economic Area (EEA). Transfer of personal data to third parties outside of the EEA is based on Standard Contractual Clauses adopted by the European Commission.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the specified purposes and in accordance with our instructions.

The Klappir Sustainability Platform is hosted in Amazon Web Services (AWS) data centers, utilizing the AWS infrastructure as a service (IaaS). The services making up the systems for the Platform are deployed in AWS regions in the United States and Sweden.

As of 2023, we are in the process of relocating our Software Services wholly into AWS's hosted infrastructure in Sweden.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

Our Software Services are hosted in AWS, which has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v4.0.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any statutory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

YOUR LEGAL RIGHTS

Under certain circumstances you, or those whose personal data you share with us, have rights under data protection laws. These rights include:

  • Requesting access to personal data.

  • Requesting correction of personal data.

  • Requesting erasure of personal data.

  • Objecting to processing of personal data.

  • Requesting restriction of processing personal data.

  • Requesting transfer of personal data.

  • Right to withdraw consent.

If you wish to exercise any of the rights set above, please contact us at contact@klappir.com.

We endeavor to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you are not satisfied with our resolution or believe that Klappir has not complied with relevant data protection laws and regulations, you may contact a Data Protection Authority, including the Icelandic DPA.

CHANGES TO OUR PRIVACY STATEMENT

This privacy statement may be updated occasionally and we will always post the most recent version on our webpage. This privacy statement was last reviewed February 2025 and last updated on November 20, 2025 (PostHoc/Data collection).