Privacy Policy for the Nordic Climate Finance Summit
Oslo, Norway
Effective Date: 4 June 2026
The Nordic Climate Finance Summit ("the Summit," also referred to as the "NCF Summit," "we," "us," or "our") is committed to protecting the privacy of its attendees, speakers, sponsors, exhibitors, and other participants ("you" or "data subject"). This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Norwegian data protection laws.
This Privacy Policy should be read together with our Terms & Conditions, which govern your booking, payment, cancellation, and attendance at the Summit. It is provided for information purposes and does not by itself form a contract. Where we rely on your consent for a specific activity, we will ask for that consent separately.
1. Data Controller
The data controller responsible for the processing of your personal data under this Privacy Policy is:
TerraCapX AS
Edvard Storms gate 2
0166 Oslo
Norway
summit@terracapx.com
2. Information We Collect
We may collect and process various types of personal data from you in connection with the Nordic Climate Finance Summit, including but not limited to:
- Identification and Contact Information: Name, job title, organization, email address, phone number, postal address, country of residence.
- Registration Information: Information provided when you register for the Summit, including attendance type (e.g., attendee, speaker, sponsor, exhibitor), dietary requirements, accessibility needs.
- Payment Information: If applicable, billing address and payment details (please note that payment processing is typically handled by secure third-party providers, and we do not store your full payment card details). Booking and payment terms are set out in our Terms & Conditions.
- Professional Information: Your biography, photo, and presentation details if you are a speaker. Information about your organization if you are a sponsor or exhibitor.
- Interaction and Engagement Data: Information about your participation in Summit sessions, networking activities, and interactions with our website or event platform.
- Technical Information: IP address, browser type, operating system, and other technical details when you access our website or online event platforms.
- Communication Information: Your preferences for receiving communications from us, and records of your correspondence with us.
- Images and Recordings: Photographs and video recordings taken at the Summit (where notice is provided and, where necessary, consent is obtained).
3. How We Use Your Information
We process your personal data for the following purposes:
- To facilitate your registration and participation in the Summit: This includes processing your application, managing your attendance, and providing you with necessary information about the event.
- To manage payments: Processing registration fees and other related payments in accordance with our Terms & Conditions.
- To organize and deliver the Summit: Planning logistics, managing sessions, coordinating speakers and participants.
- To enhance your Summit experience: Tailoring content, facilitating networking opportunities, and providing relevant information.
- To communicate with you: Sending you updates, announcements, and important information about the Summit.
- To promote the Summit: Using speaker biographies and photos in Summit materials, and potentially using photographs and recordings from the event for promotional purposes (in accordance with Section 2 and our Terms & Conditions).
- To manage sponsor and exhibitor participation: Facilitating their involvement and providing them with relevant attendee information where consent has been provided or a legitimate interest exists (with appropriate safeguards).
- To analyze Summit attendance and engagement: Understanding participant demographics and interactions to improve future events.
- To comply with legal and regulatory obligations: Meeting requirements under applicable laws, including tax and accounting regulations.
- To ensure the security and safety of the Summit: Implementing security measures and managing access to the event.
- For internal business purposes: Including data analysis, research, and improving our services.
4. Legal Basis for Processing
We will only process your personal data when we have a lawful basis for doing so. The legal bases we rely on include:
- Performance of a Contract: Processing necessary to fulfill our obligations under the contract with you for your participation in the Summit (e.g., processing registration, providing access to sessions), as governed by our Terms & Conditions.
- Legitimate Interests: Processing necessary for our legitimate interests in organizing and promoting a successful event, improving our services, and managing our business, provided these interests are not overridden by your interests and fundamental rights.
- Consent: Where required by law, we will obtain your explicit consent for specific processing activities (e.g., for sending you marketing communications unrelated to the Summit, placing non-essential cookies, using your image in promotional materials beyond general event coverage where you are identifiable).
- Legal Obligation: Processing necessary to comply with applicable laws and regulations.
- Vital Interests: In rare cases, processing may be necessary to protect your vital interests or the vital interests of another natural person.
5. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
As a general guide:
- Registration and attendance data: kept for the duration of your participation and for up to 24 months after the Summit, to manage follow-up and inform you of future events, unless you object or withdraw earlier.
- Marketing and communication preferences: kept until you unsubscribe, withdraw consent, or object.
- Payment, invoicing, and accounting records: retained for at least 5 years after the end of the relevant financial year, as required by Norwegian bookkeeping law (Bokføringsloven).
- Cookie consent records: retained for up to 5 years for documentation purposes.
- Website and analytics data: kept for up to 14 months.
- Photographs and recordings: retained for as long as we use them for promotion, unless you ask us to stop using identifiable images of you.
When personal data is no longer required, we will securely delete or anonymize it.
6. Data Security
We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. However, please be aware that no method of transmission over the internet or electronic storage is completely secure.
7. Cookies and Tracking Technologies
Our website and event platform use cookies and similar tracking technologies (such as pixels and tags) to enable core functionality, remember your preferences, measure website performance, and — where you allow it — support analytics and marketing.
In line with the Norwegian Electronic Communications Act (ekomloven) and the GDPR, we only place non-essential cookies (including analytics and marketing cookies, such as those set by our website and email platforms) after you have given clear, active, and specific consent. We do not use pre-ticked boxes and we do not treat continued browsing as consent. You can accept or reject each category of non-essential cookies with equal ease, and using the website is not conditional on accepting cookies. Strictly necessary cookies, which are required for the website to function, do not require consent.
8. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
- Service Providers: Third-party vendors and service providers who assist us in organizing and running the Summit, such as IT providers, payment processors, event platform providers, and venues. Our current key service providers include Webflow (website hosting), HubSpot (email and marketing communications), and our registration and payment provider Checkin.no. These service providers are contractually obligated to protect your data and only process it in accordance with our instructions.
- Summit Partners: Sponsors and exhibitors may receive certain attendee information (e.g., organization, job title) if you have consented to this sharing during the registration process or through other explicit means. Their use of your data will be subject to their own privacy policies.
- Speakers: If you are an attendee, your name, organization, and job title may be visible to speakers in attendance lists or on the event platform to facilitate networking.
- Other Attendees: Limited information (e.g., name, organization, job title) may be visible to other attendees through networking features on the event platform, if applicable, based on your privacy settings.
- Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to a valid request from a public authority.
- In the event of a merger or acquisition: Your personal data may be transferred to a new entity in connection with a merger, acquisition, or sale of assets, subject to the terms of this Privacy Policy.
We will not sell your personal data to third parties for their marketing purposes without your explicit consent.
9. International Data Transfers
Your personal data may be transferred to and stored in countries outside Norway or the European Economic Area (EEA), for example where our service providers are located in the United States. Where we transfer personal data outside the EEA, we rely on an appropriate transfer mechanism, such as:
- transfers to recipients in countries the European Commission has recognized as providing an adequate level of protection (an adequacy decision);
- transfers to U.S.-based providers certified under the EU–U.S. Data Privacy Framework (DPF); or
- the European Commission's Standard Contractual Clauses (SCCs), supported by a transfer impact assessment and any additional safeguards required.
Because the legal landscape for international transfers can change, we keep our transfer mechanisms under review and update them as needed. You can request more information about the safeguards we use by contacting us using the details in Section 1.
10. Your Data Protection Rights
Under the GDPR and Norwegian data protection laws, you have the following rights regarding your personal data:
- Right of Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data under certain circumstances.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
- Right to Object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest as our legal basis, or for direct marketing purposes.
- Right to Withdraw Consent: Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe that our processing of your personal data infringes the GDPR.
To exercise any of these rights, please contact us using the contact details provided in Section 1. We will respond to your request in accordance with applicable law.
11. Automated Decision-Making and Profiling
We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, based solely on automated processing (including profiling). If this changes, we will update this Privacy Policy and inform you of the logic involved and the significance and likely consequences of such processing.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the updated policy on the Summit website or by other appropriate means. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:
summit@terracapx.com
TerraCapX AS
Edvard Storms gate 2
0166 Oslo
Norway