This document enters into effect since April 26, 2022.
NET2GRID is an AI company which empowers energy retailers to become energy transition leaders by unlocking value from smart meter data. NET2GRID provides the most accurate residential energy insights and predictions thanks to our unique know-how in collecting and analysing smart meter data of all granularities.
NET2GRID’s website is open to all visitors, potential business clients, suppliers, partners, and household customers. In order to provide a complete visiting experience, we collect personal data from different sources within our website. Processing of Personal Data, such as name, address, e-mail address, IP address, or telephone number will always be in line with the Regulation 679/2016 (EU) in the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation/GDPR), and, to the extent applicable, in accordance with the national data protection laws and regulations.
This Policy applies to all personal data we collect in providing products and services to you, as well as from online services, electronic mail and related content.
In this section you can find some useful definitions of cornerstone terms introduced by the General Data Protection Regulation.
a) Personal Data
Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
Data Subject means any identified or identifiable natural person, whose Personal Data is processed by NET2GRID.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
h) Third Party
Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.
Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.
2. Information about NET2GRID B.V. and the Data Protection Officer (DPO)
A. Identity and contact details of the company
NET2GRID B.V. is a Dutch company incorporated by the Dutch law and acts in its capacity as a controller for the purposes of the General Data Protection Regulation (GDPR) and the applicable national legislation. The company details are:
Prins Hendriklaan 7, 3701CK Zeist, The Netherlands
CEO: Bert Lutje Berenbroek
B. Contact details of the Data Protection Officer
Angeliki Sidirokastriti, Legal and Risk Counsel, DPO
K. Kristalli 4, 54626, Thessaloniki, Greece
e-mail: email@example.com, firstname.lastname@example.org
C. Competent Data Protection Supervisory Authority
EU Lead Data Protection Supervisory Authority
Dutch Data Protection Authority (Dutch DPA), Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ Den Haag, https://autoriteitpersoonsgegevens.nl/en
3. Personal Data We Collect About You
When you fill any online form on our website, we may collect your full name, company name, business address, country or region, email address, timestamp, IP address, contact details, and any other information that you provide us. There are details that are required in order to fill the form and others that are optional. You may also provide us any other information you consider necessary by filling the “Leave us a message” field of the form. Your consent is also required for us to proceed with processing your personal data.
When you contact us by email, we collect your full name, email address, email footer, technical information that is incorporated in emails, and any other information you choose to include in the body of your email.
When you contact us by phone, we will collect the phone number you used to call and any other information you choose to give us and we may ask you for additional information in order to verify your identity.
You may also choose to submit information to us via other methods, including: (i) in response to marketing, other communications or online advertisements, (ii) through social media or online forums, (iii) through participation in an offer, program or promotion, (iv) in connection with an actual or potential business relationship with us, usually by signing a business agreement, or (v) by giving us your business card or contact details at trade shows or other events, in person or through third parties. In these cases, we process the information that you choose to give us.
4. How We Use Personal Data
a. To facilitate business operations and relationships with our clients, potential clients, suppliers and partners, to comply with legal obligations and to pursue our legitimate business interests.
b. For the improvement of our website and to develop new features and functionalities. Processing of such data for analytics purposes is done in aggregated or anonymised form.
c. For marketing and events-related communication regarding our products and services. NET2GRID may also invite you to our events or surveys.
e. For the purpose of processing a job application and the completion of an employment/service provision agreement.
g. For any other reason that shall be expressly indicated during our communication and permitted by the applicable law.
We do not transfer, share, rent or sell the personal data of our visitors for interest-based advertising to unauthorized third parties.
5. How We Disclose Personal Data
We do not transfer or share your personal data, except in cases outlined below.
a. NET2GRID entities. We share personal data with NET2GRID entities in order to support the use of our website and provide our products and services, as well as for internal administration purposes.
b. Service providers. We share Personal Data with a limited number of external service providers that are carefully chosen to provide services on our behalf, such as accounting, website support, data hosting, data analysis, information technology and related infrastructure, customer service, advertising services, email delivery, or auditing services. These service providers may need to access Personal Data to perform their tasks. We authorize such service providers to use or disclose the Personal Data only to the extent and as necessary to perform their services on our behalf or comply with legal requirements. We require such service providers to engage contractually to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union.
c. Business Partners. We share Personal Data with Third Parties and Business Partners when this is necessary to provide products and services to our clients. Examples of Third Parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks), online signing applications and other possible professional service firms that we partner with, to the extent necessary to provide our products and services to our clients.
f. Compliance. We share Personal Data as we believe necessary: (i) to comply with the applicable law, (ii) to enforce our contractual rights, (iii) to protect the rights, privacy, safety and property NET2GRID, you or others, and (iv) to respond to requests from courts, law enforcement agencies, regulatory authorities, data protection authorities, and other public and government authorities, which may include authorities outside your country of residence.
6. Cookies And Links to External Connections
In this way, we collect and process information about you, other websites and online services including browser and device data, IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of other websites you are visiting, as well as usage data, such as time spent on websites, pages visited, links clicked, language preferences, and the pages that led or referred you to our website. We also collect information about your online activities on these websites and connected devices over time and across third party websites, devices, apps and other online features and services.
External Connections are internet connections that are used to connect with third party websites, apps, documents. Third party websites and applications operate independently from NET2GRID and have their own privacy notices or policies, which we strongly suggest you to review. If any linked website is not owned or controlled by us, we are not responsible for its content, cookies, and external connections, any use of the website or the privacy practices of the operator of the website. NET2GRID bears no responsibility for the content of the documents and the opinions expressed through them by their author.
Necessary Cookies: Some cookies are essential to the operation of our website, make them usable, and secure by enabling basic functions like page navigation and access to secure areas of the website.
Autofill cookies: These cookies allow us to save the information filled by the visitor into our forms, and not have to fill them again manually the next time that they wish to fill a form on our website.
Fraud Prevention and Detection: Cookies and similar technologies that we deploy through our website help us learn things about how computers and web browsers are used to access the website. This information helps us monitor for and detect potentially harmful or illegal use of our website.
Security. To protect visitor’s data, as well as information provided through our website from unauthorized access and use.
Preference Cookies. Preference cookies are used to remember your preferences and to recognize you when you return to our website.
Analytics Cookies. Analytics cookies help us understand how visitors interact with our website. We use such cookies in a number of different ways, including to remember how you prefer to use our website so that you don’t have to reconfigure your settings each time you visit our website or log into your account and to make our website work better for you. They also give us useful insight to improvements or enhancements we need to make to our website.
We have implemented a Cookie Banner that you can use to consent or decline consent in regards to all cookies and external connections that are not technically necessary for the use of our website by the visitor, if any. You can choose and amend your preferences and also withdraw or provide your consent in a later time through the Cookie Banner, with the exception of those cookies that are technically necessary for the proper operation of our website. Your web browser may also allow you to manage your cookie preferences, including deleting and disabling cookies. If you choose to disable cookies, some features of our website may not operate as intended. For more information about the cookie functions on your web browser, you can visit:
Microsoft Internet Explorer
Apple Safari for Mac
Apple Safari for iOS
NET2GRID bears no responsibility about the capabilities and functions provided by the web browser of your choice.
7. Registration On Our Website
The visitor has the possibility to register on parts of NET2GRID website. The respective form used for the registration determines what Personal Data is to be transmitted to NET2GRID for registration purposes.
The Personal Data entered by the visitor are collected and stored for use by NET2GRID for its own business purposes. NET2GRID is the controller of such processing and may transfer the Personal Data to one or more Processors (e.g., a hosting provider) to execute specific operations on our behalf. Registered persons are free to change the Personal Data provided during the registration at any time, or to have them completely deleted from our database. Users have also the right to deactivate their registration.
By registering, the IP address, the date and time of the registration are also stored for traffic monitoring and security reasons. This data is not transferred to third parties unless under your consent or according to a legal or statutory obligation.
8. Subscription To Our Newsletter - Tracking
Visitors may subscribe to NET2GRID’s newsletters through our website. The form used for this purpose determines what Personal Data is collected.
NET2GRID informs its customers, partners and interested parties regularly by means of a newsletter about company news, new products and services, milestones and presence in events. The subscribed person may only receive the newsletter if (1) has a valid e-mail address and (2) has completed the newsletter form. A confirmation email will be sent to the e-mail address indicated via the newsletter form.
During the registration for the newsletter, we also store the IP address used by the data subject at the time of registration, as well as the date and time of registration.
The data collected as part of the registration process will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by email, as long as this is necessary for the operation of the newsletter in the event of modifications to the newsletter service or in the event of a change and due to technical circumstances. There will be no transfer of personal data collected over the newsletter form to unauthorized third parties.
The newsletter also contains the so-called tracking pixels. A tracking pixel is a miniature graphic embedded in newsletter emails to enable log file recording and analysis. This allows a statistical analysis of the success or failure of email marketing campaigns. Based on the embedded tracking pixel, NET2GRID may see if and when a recipient opened the newsletter email, the IP address of the recipient, and which links in the newsletter were called up. These data will not be transferred to unauthorized third parties.
Such personal data collected over the tracking pixels are stored and analysed by NET2GRID in order to optimize and send the newsletter, as well as to adapt the content of future newsletters to the interests of the recipient.
The data subject may unsubscribe from our newsletter list and thus revoke consent to the processing of the personal data provided for the newsletter subscription at any time following the corresponding link found in each newsletter.
9. Contact Possibility Via The Website
Our website contains information that enables a quick electronic contact to, as well as direct communication with NET2GRID. If you wish to contact NET2GRID by e-mail or via a contact form, the personal data collected and transmitted through this form are automatically stored for the purpose of contacting the Data Subject, in compliance with applicable law (e.g. statutory retention periods). There is no transfer of this personal data to unauthorized third parties.
10. Rights Of The Data Subject
The data subject whose personal data we collect and process as described above has the following rights which stem from GDPR and the applicable national legislation.
a) Right to be informed
b) Right to access
c) Right to rectification
d) Right to erasure (Right to be forgotten)
e) Right of restriction of processing
f) Right to data portability
g) Right to object
h) Automated individual decision-making, including Profiling
i) Right to withdraw consent
If the Data Subject wishes to exercise any of the above data subject rights, he or she may, at any time, contact the our DPO using any of the contact means provided hereby, or if this is not feasible, contact NET2GRID via any of the given contact points, indicating the purpose of the communication and the request. NET2GRID may contact you in order to resolve the request.
11. Job Applications and Candidates
NET2GRID collects and processes Personal Data of candidates for the purpose of evaluating these candidates. Processing may be carried out electronically. This is – in particular – the case, if an applicant submits corresponding job application documents by email. If NET2GRID concludes an employment contract with an applicant, the submitted data will be stored for the purpose of concluding and executing the employment contract during the term of the employment relationship in compliance with applicable legal requirements. If no employment contract is concluded with the applicant, the job application documents will be automatically erased six months after notification of the refusal decision, provided that no overriding legitimate interests of NET2GRID are opposed to the erasure.
12. Legal Basis For The Processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing for which we obtain data subject’s consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the Data Subject is or shall be a party (e.g. when processing is necessary for the negotiation of pilot agreements or commercial agreements for our products and services), the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing which is necessary for carrying out pre-contractual actions and events. If our company is subject to a legal obligation by which processing of personal data is required (e.g. for the fulfillment of tax, social security and other obligations), the processing is based on Art. 6(1) lit. c GDPR. In some cases, the processing of personal data may be necessary to protect the vital interests of the Data Subject or of another natural person. This would be the case, for example, if a visitor was injured in our company and his/her name, age, health insurance data or other vital information would have to be communicated to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. There could also be the case, where the processing will be covered by the legitimate interests pursued by our company except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. Such processing operations are particularly permitted by Art. 6(1) lit. f GDPR.
13. Retention period
The criteria used to determine the retention period of Personal Data is the respective retention period determined hereby or the statutory retention period, if any. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract or if required by the applicable law.
14. International Data Transfers
15. Information security and privacy
As an IT company, we are in the position to know that possible security gaps and threats exist and that absolute data security and privacy may not be achieved. Hence, we are sensitized and oriented towards establishing a safe digital environment for our visitors, to the extent possible. To this, NET2GRID takes appropriate and reasonable technical and organizational measures to safeguard personal data against loss, theft and unauthorized access, disclosure, alteration, misuse, or destruction. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately. NET2GRID may communicate with you regarding privacy and security issues affecting the information collected about you. You can also contact us for more information about the implemented information security and privacy measures, in the contact details provided hereunder.
Please feel free to contact us if you have questions regarding our privacy, this policy or data processing and security practices.
For information security and privacy topics, you can email us at email@example.com
To contact our Data Protection Officer, you can email us at firstname.lastname@example.org