NET2GRID Privacy Policy

This document enters into effect since Mar 13,2024.

NET2GRID is an AI company which empowers energy retailers to become energy transition leaders by unlocking value from smart meter data. NET2GRID provides the most accurate residential energy insights and predictions thanks to our unique know-how in collecting and analysing smart meter data of all granularities.

NET2GRID’s website www.net2grid.com, is open to all visitors, potential business clients, suppliers, partners, and household customers. At the same time, the public may have access to NET2GRID’s mobile application, YNNI app, which can be downloaded from the Apple or Google app stores.

​

In order to provide a complete visiting experience, we collect personal data from different sources within our website and app. Processing of Personal Data, such as name, address, e-mail address, IP address, or telephone number will always be in line with the Regulation 679/2016 (EU) in the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation/GDPR), and, to the extent applicable, in accordance with the national data protection laws and regulations. 

By this Privacy Policy (the “Policy”), we would like to inform the public about the nature, scope, and purpose of the processing of their personal data and the rights to which they are entitled. In practice, our policy is supported by appropriate and suitable technical and organizational measures. NET2GRID has established internal policies and procedures to govern our internal networks and systems and the processing of personal data related to employees and other authorized network users. NET2GRID's achievement of ISO/IEC 27001 certification shows that we follow international best practices for information security management by implementing a functional ISMS.

This Policy applies to all personal data we collect in providing products and services to you, as well as from online services, electronic mail and related content.

​

1. Definitions 
In this section you can find some useful definitions of cornerstone terms introduced by the General Data Protection Regulation.

  
a) Personal Data 

Personal Data means any information relating to an identified or identifiable natural person. An  identifiable natural person is one who can be identified, directly or indirectly, in particular by reference  to an identifier such as a name, an identification number, location data, an online identifier or to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity  of that natural person.  

b) Data Subject

​

Data Subject means any identified or identifiable natural person, whose Personal Data is processed by  NET2GRID.  

c) Processing  

Processing means any operation or set of operations which is performed on Personal Data or on sets of  Personal Data, whether or not by automated means, such as collection, recording, organisation,  structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,  dissemination or otherwise making available, alignment or combination, restriction, erasure or  destruction.  

d) Profiling  

Profiling means any form of automated Processing of Personal Data consisting of the use of Personal  Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict  aspects concerning that natural person's performance at work, economic situation, health, personal  preferences, interests, reliability, behaviour, location or movements.  

e) Pseudonymisation

 
Pseudonymisation means the Processing of Personal Data in such a manner that the Personal Data can  no longer be attributed to a specific Data Subject without the use of additional information, provided  that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural  person.  

f) Controller  

Controller means the natural or legal person, public authority, agency or other body which, alone or  jointly with others, determines the purposes and means of the Processing of Personal Data; where the  purposes and means of such Processing are determined by Union or Member State law, the Controller  or the specific criteria for its nomination may be provided for by Union or Member State law.

 
g) Processor  

Processor means a natural or legal person, public authority, agency or other body which processes  Personal Data on behalf of the Controller. 

h) Third Party  

Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.  

i) Consent

 
Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of  the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.  

2. Information about NET2GRID B.V. and the Privacy Officer  

A. Identity and contact details of the company

NET2GRID B.V. is a Dutch company incorporated by the Dutch law and acts in its capacity as a controller for the purposes of the General Data Protection Regulation (GDPR) and the applicable national legislation. The company details are:  

​

NET2GRID B.V.
Prins Hendriklaan 7, 3701CK Zeist, The Netherlands
CEO: Bert Lutje Berenbroek
Email: sales@net2grid.com 

 

NET2GRID Hellas
K. Kristalli 4, 54621, Thessaloniki, Greece
Country Manager: Dimitrios Doukas
Email: dimitrios@net2grid.com

​

NET2GRID North America Inc.
395 SW Bluff Dr, Suite 10, Bend, OR 97702, US

B. Contact details of the Privacy Officer

Angeliki Sidirokastriti, Legal and Risk Counsel, DPO
K. Kristalli 4, 54626, Thessaloniki, Greece
e-mail: dpo@net2grid.com, sidirokastriti@net2grid.com

  
C. Competent Data Protection Supervisory Authority

EU Lead Data Protection Supervisory Authority 

Dutch Data Protection Authority (Dutch DPA), Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ Den Haag, https://autoriteitpersoonsgegevens.nl/en

​

UK Data Protection Supervisory Authority

​

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, https://ico.org.uk/

​

Switzerland Data Protection Supervisory Authority

​

Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten (EDÖB), Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, CH - 3003 Bern, https://www.edoeb.admin.ch/edoeb/de/home.html
 

3. Personal Data We Collect About You 

When you fill any online form on our website or on YNNI app, we may collect your full name, company name, business address, country or region, email address, timestamp, IP address, contact details, and any other information that you provide us. There are details that are required in order to fill the form and others that are optional. You may also provide us any other information you consider necessary by filling the “Leave us a message” field of the form. Your consent is also required for us to proceed with processing your personal data. 

When you contact us by email, we collect your full name, email address, email footer, technical  information that is incorporated in emails, and any other information you choose to include in the body of your email.  

When you contact us by phone, we will collect the phone number you used to call and any other  information you choose to give us and we may ask you for additional information in order to verify your identity.   

You may also choose to submit information to us via other methods, including: (i) in response to  marketing, other communications or online advertisements, (ii) through social media or online forums,  (iii) through participation in an offer, program or promotion, (iv) in connection with an actual or potential business relationship with us, usually by signing a business agreement, or (v) by giving us your business card or contact details at trade shows or other events, in person or through third parties. In these cases, we process the information that you choose to give us.  

4. How We Use Personal Data 

a. To facilitate business operations and relationships with our clients, potential clients, suppliers and partners, to comply with legal obligations and to pursue our legitimate business interests.

b. For the improvement of our website and app and to develop new features and functionalities. Processing of such data for analytics purposes is done in aggregated or anonymised form.

c. For marketing and events-related communication regarding our products and services. NET2GRID may also invite you to our events or surveys. 

d. For advertisement of our products and services (“interest-based advertising”). When you visit our website, we will use cookies to identify your device and direct advertisement of our products and services. Please refer to section “Cookies and External Connections – General Information” below for more information regarding the use of cookies and your options. 

e. For the purpose of processing a job application and the completion of an employment/service provision agreement.

g. For any other reason that shall be expressly indicated during our communication and permitted by the applicable law.

We do not transfer, share, rent or sell the personal data of our visitors for interest-based advertising to  unauthorized third parties.

5. How We Disclose Personal Data  

We do not transfer or share your personal data, except in cases outlined below. 

a. NET2GRID entities. We share personal data with NET2GRID entities in order to support the use of our website and app and provide our products and services, as well as for internal administration purposes.  

b. Service providers. We share Personal Data with a limited number of external service providers that are carefully chosen to provide services on our behalf, such as accounting, website support, data hosting, data analysis, information technology and related infrastructure, customer service,  advertising services, email delivery, or auditing services. These service providers may need to access  Personal Data to perform their tasks. We authorize such service providers to use or disclose the Personal  Data only to the extent and as necessary to perform their services on our behalf or comply with legal requirements. We require such service providers to engage contractually to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union. 

c. Business Partners. We share Personal Data with Third Parties and Business Partners when this is  necessary to provide products and services to our clients. Examples of Third Parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks), online signing applications and other possible professional service firms that we partner with, to the extent necessary to provide our products and services to our clients.  

d. Corporate transactions. In the event that we enter into, or intend to enter into, a transaction that alters  the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer,  change of control, or other disposition of all or any portion of our business, assets or stocks, we may share Personal Data with Third Parties in connection with such transaction. Any other entity which buys us or part of our business or Applications will have the right to continue to use your Personal Data, but  only in the manner set out in this Privacy Policy unless you agree otherwise.  

f. Compliance. We share Personal Data as we believe necessary: (i) to comply with the applicable law, (ii) to enforce our contractual rights, (iii) to protect the rights, privacy, safety and property NET2GRID, you or others, and (iv) to respond to requests from courts, law enforcement agencies, regulatory authorities, data protection authorities, and other public and government authorities, which may include authorities outside your country of residence.  

6. Sale and Sharing of Personal Data

NET2GRID will not use, share or sell your personal information to any unauthorized third party for their advertising purposes or for those not related to the objectives described here. We only partially share some of your information with our service providers for the purposes described herein. The use of your data for any other purpose than listed here would be only after your consent.

 

7. Cookies And Links to External Connections

Our website uses cookies, external links and other technologies that allows for its proper operation including advertising, and also for information security and data protection purposes. Cookies are small text files that are stored in a computer’s browser directory which are used to compile aggregate data about website traffic and interaction so that we can offer better experience and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. Cookies are also used to store current session/login information for the Service.

In this way, we collect and process information about you, other websites and online services including browser and device data, IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of other websites you are visiting, as well as usage data, such as time spent on websites, pages visited, links clicked, language preferences, and the pages that led or referred you to our website. We also collect information about your online activities on these websites and connected devices over time and across third party websites, devices, apps and other online features and services.

External Connections are internet connections that are used to connect with third party websites, apps, documents. Third party websites and applications operate independently from NET2GRID and have their own privacy notices or policies, which we strongly suggest you to review. If any linked website is not owned or controlled by us, we are not responsible for its content, cookies, and external connections, any use of the website or the privacy practices of the operator of the website. NET2GRID bears no responsibility for the content of the documents and the opinions expressed through them by their author.

 
Below we provide a list of commonly used cookie types and the purposes that apply to them. This list is not exhaustive, and describes the main reasons why we typically use cookies and external connections.

 

• Necessary Cookies: Some cookies are essential to the operation of our website, make them usable, and secure by enabling basic functions like page navigation and access to secure areas of the website.  

 

• Autofill cookies: These cookies allow us to save the information filled by the visitor into our forms, and not have to fill them again manually the next time that they wish to fill a form on our website.

 

• Fraud Prevention and Detection: Cookies and similar technologies that we deploy through our website help us learn things about how computers and web browsers are used to access the website. This information helps us monitor for and detect potentially harmful or illegal use of our website. 

 

• Security. To protect visitor’s data, as well as information provided through our website from unauthorized access and use. 

 

• Preference Cookies. Preference cookies are used to remember your preferences and to recognize you when you return to our website. 

 

• Analytics Cookies. Analytics cookies help us understand how visitors interact with our website. We use such cookies in a number of different ways, including to remember how you prefer to use our website so that you don’t have to reconfigure your settings each time you visit our website or log into your account and to make our website work better for you. They also give us useful insight to improvements or enhancements we need to make to our website.   

 

• Advertising Cookies. We will use cookies to direct advertisements to our visitors through targeted advertisements for our products and services and to measure your reaction and engagement with those ads.  

We have implemented a Cookie Banner that you can use to consent or decline consent in regards to all cookies and external connections that are not technically necessary for the use of our website by the visitor, if any. You can choose and amend your preferences and also withdraw or provide your consent in a later time through the Cookie Banner, with the exception of those cookies that are technically necessary for the proper operation of our website. Your web browser may also allow you to manage your cookie preferences, including deleting and disabling cookies. If you choose to disable cookies, some features of our website may not operate as intended. For more information about the cookie functions on your web browser, you can visit:

 

• Microsoft Internet Explorer

• Google Chrome

• Apple Safari for Mac

• Apple Safari for iOS

• Mozilla Firefox

• Android Browser

​

NET2GRID bears no responsibility about the capabilities and functions provided by the web browser of your choice.

8. Registration On Our Website 

The visitor has the possibility to register on parts of NET2GRID website. The respective form used for the registration determines what Personal Data is to be transmitted to NET2GRID for registration purposes. 

The Personal Data entered by the visitor are collected and stored for use by NET2GRID for its own business purposes. NET2GRID is the controller of such processing and may transfer the Personal Data to one or more Processors (e.g., a hosting provider) to execute specific operations on our behalf. Registered persons are free to change the Personal Data provided during the registration at any time, or to have them completely deleted from our database. Users have also the right to deactivate their registration.

By registering, the IP address, the date and time of the registration are also stored for traffic monitoring and security reasons. This data is not transferred to third parties unless under your consent or according to a legal or statutory obligation.

9. Subscription To Our Newsletter - Tracking

Visitors may subscribe to NET2GRID’s newsletters through our website. The form used for this purpose determines what Personal Data is collected.  

NET2GRID informs its customers, partners and interested parties regularly by means of a newsletter about company news, new products and services, milestones and presence in events. The subscribed person may only receive the newsletter if (1) has a valid e-mail address and (2) has completed the newsletter form. A confirmation email will be sent to the e-mail address indicated via the newsletter form.

During the registration for the newsletter, we also store the IP address used by the data subject at the time of registration, as well as the date and time of registration.

The data collected as part of the registration process will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by email, as long as this is necessary for the operation of the newsletter in the event of modifications to the newsletter service or in the event of a change and due to technical circumstances. There will be no transfer of personal data collected over the newsletter form to unauthorized third parties. 

The newsletter also contains the so-called tracking pixels. A tracking pixel is a miniature graphic embedded in newsletter emails to enable log file recording and analysis. This allows a statistical analysis of the success or failure of email marketing campaigns. Based on the embedded tracking pixel, NET2GRID may see if and when a recipient opened the newsletter email, the IP address of the recipient, and which links in the newsletter were called up. These data will not be transferred to unauthorized third parties.

Such personal data collected over the tracking pixels are stored and analysed by NET2GRID in order  to optimize and send the newsletter, as well as to adapt the content of future newsletters to the interests of the recipient. 

The data subject may unsubscribe from our newsletter list and thus revoke consent to the processing of the personal data provided for the newsletter subscription at any time following the corresponding link found in each newsletter.

10. Contact Possibility Via The Website Or YNNI App

Our website and app contains information that enables a quick electronic contact to, as well as direct communication with NET2GRID. If you wish to contact NET2GRID by e-mail or via a contact form, the personal data collected and transmitted through this form are automatically stored for the purpose of contacting the Data Subject, in compliance with applicable law (e.g. statutory retention periods). There is no transfer of this personal data to unauthorized third parties.  

11. Rights Of The Data Subject

The data subject whose personal data we collect and process as described above has the following rights which stem from GDPR and the applicable national legislation.

a) Right to be informed   
b) Right to access   
c) Right to rectification  
d) Right to erasure (Right to be forgotten) 
e) Right of restriction of processing   
f) Right to data portability  
g) Right to object  
h) Automated individual decision-making, including Profiling  
i) Right to withdraw consent

 
If the Data Subject wishes to exercise any of the above data subject rights, he or she may, at any time, contact the our Privacy Officer using any of the contact means provided hereby, or if this is not feasible, contact NET2GRID via any of the given contact points, indicating the purpose of the communication and the request. NET2GRID may contact you in order to resolve the request. NET2GRID may contact you in order to request more information for the justification of the request and to notify you about the outcome of the request.  

12. Job Applications and Candidates  

NET2GRID collects and processes Personal Data of candidates for the purpose of evaluating these  candidates. Processing may be carried out electronically. This is – in particular – the case, if an applicant submits corresponding job application documents by email. If NET2GRID concludes an employment contract with an applicant, the submitted data will be stored for the purpose of concluding and executing the employment contract during the term of the employment relationship in compliance with applicable legal requirements. If no employment contract is concluded with the applicant, the job  application documents will be automatically erased six months after notification of the refusal decision,  provided that no overriding legitimate interests of NET2GRID are opposed to the erasure.

13. Legal Basis For The Processing   

Art. 6(1) lit. a GDPR serves as the legal basis for processing for which we obtain data subject’s consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the Data Subject is or shall be a party (e.g. when processing is necessary for the negotiation of pilot agreements or commercial agreements for our products and services), the processing is based  on Article 6(1) lit. b GDPR. The same applies to such processing which is necessary for carrying out pre-contractual actions and events. If our company is subject to a legal obligation by which processing of personal data is required (e.g. for the fulfillment of tax, social security and other obligations), the processing is based on Art. 6(1) lit. c GDPR. In some cases, the processing of personal data may be necessary to protect the vital interests of the Data Subject or of  another natural person. This would be the case, for example, if a visitor was injured in our company and his/her name, age, health insurance data or other vital information would have to be communicated to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. There could also be the case, where the processing will be covered by the legitimate interests pursued by our company except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. Such processing operations are particularly permitted by Art. 6(1) lit. f GDPR.  

14. Retention period 

NET2GRID has implemented a Retention Policy observing the respective legal obligations and in compliance with the ISO 27001 standard. The criteria used to determine the retention period of Personal Data is the purpose and legal basis of processing and the category of the data. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract or if required by the applicable law or if not justified by reference to the legitimate interests of the company. Personal data of users of the website and of YNNI app are kept for as long as the consent provided by the data subject is not raised, or until the data subject submits a request for deletion, following the procedure provided hereby. Personal data of candidates are kept for as long as the selection process continues.

15. Account deletion

Users of the YNNI app may delete their account at any time. NET2GRID reserves the right, but is under no obligation to, to delete accounts that remain inactive (i.e., the user fails to log in) for a continuous period of at least six (6) months. To delete an account, the user must log in to the YNNI app and choose “Delete my account” in the account settings page. Upon deletion of the account, NET2GRID permanently deletes all the personal data related to that account, i.e. profile data (name, surname, home information, etc.), energy consumption data, energy measurements and energy insights.

​

16. International Data Transfers  

As a SaaS provider, Personal Data may be stored and processed in any country where we have operations or where we engage external service providers. We may transfer Personal Data that we collect to third parties in countries other than the country in which the Personal Data was originally collected. Those countries may have Data Protection rules that  are different from those of your home country. However, we will take measures to ensure that any such transfer complies with applicable data protection legislation and that Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more mechanisms, such as country specific Standard Contractual Clauses with a Data Recipient outside the EEA, Switzerland or the UK. 

17. Information security and privacy

As an IT company, we are in the position to know that possible security gaps and threats exist and that absolute data security and privacy may not be achieved. Hence, we are sensitized and oriented towards establishing a safe digital environment for our visitors, to the extent possible. To this, NET2GRID takes appropriate and reasonable technical and organizational measures to safeguard personal data against loss, theft and unauthorized access, disclosure, alteration, misuse, or destruction. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately. NET2GRID may communicate with you regarding privacy and security issues affecting the information collected about you. You can also contact us for more information about the implemented information security and privacy measures, in the contact details provided hereunder.

18. Updates To This Privacy Policy And Notifications  

NET2GRID may update and change this Privacy Policy from time to time to reflect new website functions, products and services, changes in our application and to our Personal Data practices or relevant laws. Any changes are effective from the time that the revised Privacy Policy is published on our website and our app. We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website, Ynni app and/or by contacting you through your contact details.  

19. US Addendum - California Residents

This article provides additional information regarding the use of personal information collected from and about California residents as well as the rights of California consumers under the California Consumer Privacy Act (CCPA) and any other applicable state law. 

​

a. Definitions: 

 

1. Personal information categories under the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. 

2. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

3. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

4. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

5. Internet and similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

6. Geolocation data. Physical location or movements.

7. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.

8. Professional or employment-related information. Current or past job history or performance evaluations.

9. Non-public education information. Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

10. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

​

b. Collection, use, and disclosure of personal data. NET2GRID may collect personal data of yours as described in articles 3 and 4 herein. NET2GRID does not collect Protected classification characteristics, Commercial information, Biometric information, Geolocation data, Sensory data, Non-public education information and does not draw inferences from other personal information, except if voluntarily provided by you.

​

We share this information with our entities and partners, as well as with public and law enforcement authorities as described in article 5 herein. We use cookies, including advertising cookies, as described in article 7 herein. 

​

c. Interaction with children. NET2GRID does not collect and process in any way personal data of children.
 
d. Rights and choices. As a California resident, you can exercise the following rights as provided by the applicable law, in addition to those mentioned in article 11 herein:

​

 

1. Right to know. You may request, up to twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months: 

   • the categories and specific pieces of personal information we have collected about you;  

   • the categories of sources from which we collected the personal information;  the business or commercial purpose for which we collected the personal information; 

   • the categories of Third Parties with whom we shared the personal information; and  the categories of personal information about you that we disclosed for a business purpose, and the categories of Third Parties to whom we disclosed that information for a business purpose. 

2. Right to delete. You have the right to request that NET2GRID permanently deletes the personal information we have collected from you, subject to certain limitations under applicable law. 

3. “Do not sell”. You may request to refrain from selling your personal data. 

4. Non-discrimination. NET2GRID takes all necessary and appropriate measures to ensure that we will not discriminate against you in any case for exercising the rights ascribed to you. 

 

To submit a request to exercise any of the rights described above, please follow the process described in article 11 herein.

​

Contact us
Please feel free to contact us if you have questions regarding our privacy, this policy or data processing and security practices. 
 
For information security and privacy topics, you can email us at security@net2grid.com
To contact our Privacy Officer, you can email us at dpo@net2grid.com