Protection of personal data policy 

What is electris’ role in the protection of your privacy?

The protection of personal data policy (hereafter the “Privacy Policy”) governs the manner according to which electris Luxembourg S.A, whose registered office is located at 9, rue Robert Stumper, L-2557 Luxembourg, registered with the Luxembourg Trade and Companies Registry under number B261587 (hereafter designated “electris”), an affiliate of the Encevo Group, collects, uses, processes and/or communicates personal data of natural persons (such as “Prospects”, “Customers” or “Users” or “Professionals”) in relation to the installation of equipment and provision of technical services in the energy sector and/or the use of websites, mobile applications, and digital services (collectively referred as the “Services”).

electris carries out an activity of sale and installation of equipment, and realizes technical services in the sectors of construction, energy management and distribution, renewable energy production, electromobility, and energy efficiency (battery, heat pumps, etc…). The Services also encompass services such as access to and management of the customer portal, customer accounts, organization of commercial and marketing operations, as well as communication with Clients, Professionals, and, more generally, Users.

Within the framework of the Privacy Policy, electris acts as data controller (“Data Controller”). The Privacy Policy aims to provide transparency about your personal data either collected directly from you or indirectly, notably coming from publicly available sources. We process your personal data as part of the conclusion and execution of your contracts and to better handle your requests, complaints, and any potential disputes. We share certain data with technical service providers (“Data Processors”) based on your consent and/or with third parties to comply with the Law.

We inform you that we recently updated our Privacy Policy concerning the concept of legitimate interests, the type of data collected, for which purposes and on which legal basis (cf. the Schedule below) and concerning the retention periods.

Our commitment to comply with data protection Law

electris acknowledges and undertakes to comply with the national laws and regulations applicable to the protection of personal data (the “Law”), and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).

Your points of contact

As Data Controller, electris considers the protection of your personal data to be of great importance and has appointed a data protection officer (hereafter the “DPO”) that you can contact for any questions you may have. The main role of our DPO is to ensure that personal data of employees, Prospects, Customers, Professionals and generally speaking Users, are processed in compliance with the Law and the GDPR within the framework of the activity of the company.

For any questions about the processing of your personal data, please feel free to contact electris or its DPO at the following addresses:

COMPANY

Contact by post or by telephone

Contact by email

electris Luxembourg S.A.

Attn Data Protection Officer

9, rue Robert Stumper

L-2557 Luxembourg

Tel: +352 28 83 80 80

dpo@electris.lu

How to stay involved in the treatment of your personal data?

We invite you to read this Privacy Policy. If you are already in contact with electris, please also check the contracts by which you are bound because they may contain further details on how we collect and process your data. Please note that these personal data will only be used for the specific reason for which they were transmitted. By contracting with us or by using our Services, you acknowledge and accept the treatment of your personal data in accordance with electris’s Privacy Policy.

When and how do we collect data?

As from your first interaction with us or with third parties, personal data are collected through various digital channels (by email, by navigating on our web sites or through social media) and by correspondence in writing (letter, messages) or verbally (during a physical meeting or by telephone). The Privacy Policy is applicable regardless of the communication channel or the method used to collect your data.

Data provided by you

Data provided by electris



You browse any page of our websites

You place a request for any of our products/services

You sign a contract for specific products/services

You buy/purchase, use or and/or are supplied with our products/services


You receive an invoice for our products/services

You pay an invoice.

You contact us for any kind of customer service or support.

Optional: By opting-in, you can give us your clear and explicit consent to process your personal data for a specific purpose (marketing, newsletter, digital onboarding, customer portal) ​.

The Schedule below provides more details about the type of data we collect, for which purposes and the legal basis on which we process your personal data.

What are our “legal bases" for processing your data?

In the framework of our activities, we collect and process several types of personal data depending on the offers and services you have subscribed to and the forms you have filled-in on our websites. This processing is based on one of the following legal bases:

a. Contract: We process your personal data within the extent it is necessary to execute the contract you have entered with us and/or for the needs of the pre-contractual relationships.

b. Consent: We process your data on the basis of a clear and explicit consent (by ticking the box or clicking) that you have given to us for a specific purpose.

You can change your mind! If you have previously given consent to the processing of your personal data, you can freely withdraw such consent at any time by sending an email to the DPO at the email address provided on page 2 of the Privacy Policy.

If you withdraw your consent, and if we do not have another legal basis for processing your personal data, then we will stop processing such data. If we have another legal basis for processing your data, we will limit our processing to what is strictly necessary with regard to the purpose of the concerned treatment.

 c. Legitimate interests: In the following cases, we process your data on the basis of our legitimate interests within the limits of what you can reasonably expect in the interactions with us and as long as there is no other legal basis for such processing. Our legitimate interests are:

·       gaining insights to identify your needs regarding equipment or technical services related to energy,

·       provide, develop, and improve products and services provided by electris,

·       enhance, customise or improve the User’s experience as a Customer or as a Professional,

·       improve the quality of our services and the training of our employees,

·       strengthen data security.

In each case, we ensure to find a balance between your rights and our legitimate interests. For more information about such balancing, you can contact the DPO by email at the address provided on page 2 of the Privacy Policy.

d. Law: We process your personal data in accordance with the Law and the legislation applicable to our field of activity.

How and why, we process your data?

In the schedule below, you will find the detail of (i) the categories of personal data that we collect, (ii) the purposes for which we process such data, (iii) the legal basis associated with each purpose.

When collecting data, we indicate which information is mandatory or necessary for the conclusion of the contract. Failure to provide such data will prevent us from entering into a contract with you. Optional information is indicated as "optional".

Context

Type of personal data[2]

Purposes of the processing

Legal basis

Browing our websites

Ø Cookies

 

§ Improve the design, content, and usability of our website

-   General Terms of Use

-   Cookie Policy (based on consent)

Sales of equipment (heating/cooling, ventilation, sanitation, lighting)

 

Sales of equipment in renewable energies (charging stations, solar panels, heat pumps, LED)

 

Technical services related to energy

 

Ø Identification data

Ø Communication Data

Ø Contractual data

Ø Production Data

 

 

Ø Billing Data

Ø Financial Data

 

 

§  To identify and process your request

§  To provide you with a quote/commercial offer

§  To conclude and execute a service contract (installation, works, etc.)

§  To communicate with technical partners and subcontractors

§  To participate in tenders and submit an offer matching the catalog of requirements

 

§  To create a customer account allowing access to your user profile (optional)

§  For billing

§  To collect payments, manage and recover payments

 

§  To manage disputes and amicable resolutions

§  To combat fraud and corruption

-   Privacy Policy

-   Pre-contractual information

-   Conclusion and execution of a contract

 

 

 

 

 

 

-   Legitimate interests (economic and commercial)

 

 

 

 

- Legitimate interests (enforce our rights and defend our interests)

Electro mobility services

Ø Communication Data

Ø Consumption Data

Ø Financial Data (SEPA, etc.)

 

§  To provide charging services (access to charging station networks, consumption measurement)

§  For platform use (access, viewing, and monitoring consumption)

§  For consumption reimbursement services

§  To communicate with the network manager and balancing responsible party, technical partners, and subcontractors (measurement, etc.)

-   Conclusion and execution of a contract

 

Exchange and communication with our services

Ø Communication Data

§  To improve the user experience and facilitate communication and satisfaction surveys

§  To improve service quality and employee training

§  To manage your rights

- Legitimate interests (economic and commercial, quality service)

 

- Legal obligations

Commercial activities

Ø Communication Data

§  For marketing operations based on your consent, such as to receive:

-      Commercial offers on our goods or services

-      Advice on energy efficiency measures

-      Commercial offers from technical or commercial partners (craftsmen, installers, electric vehicle rental companies), etc.

- Content (Opt-in)

 

What about sensitive data?

We don’t collect any sensitive data as defined by the GDPR (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences).

What are your privacy rights?

You have personal rights regarding your data that you can exercise in accordance with the Law and the GDPR, including a right of access, right to correct, right to erasure, a right to restrict a treatment, right to oppose (right to be forgotten), and a portability right.

If you want to exercise or get more explanation about any of these rights, please contact the Data Protection Officer at the following address: dpo@electris.lu. We will answer you within a reasonable delay, not exceeding one month as from the date of your request.

Such right can be exercised to the extent it does not adversely affect the rights and freedoms of others. Under certain circumstances, some rights such as the right to be forgotten or the portability right can be exercised subject to conditions, for example, they shall not prevent the execution of ongoing contracts or prevent us from complying with our obligations or obstructing any possible legal proceedings. In such cases, we will provide you with any further explanation which might be relevant to you.

a. You have the right to access to the personal data we hold about you. Please refer to the Schedule above. You can ask us whether your personal data is being processed or not and request further details about the processing of your data.

b. You have the right to request an update, an addition or a correction of any personal data which is inaccurate, incomplete, or wrong. Please inform us about any update or inaccuracy you may have noticed by sending an email at  dpo@electris.lu.  

c. You can request the erasure of your personal data under certain circumstances. This right may be subject to limitations as mentioned above.

d. You can ask the restriction of processing of your personal data under certain circumstances. This right means that the treatment we operate on your personal data is limited, so that we can retain some data, but we cannot not use or process them for any other purpose(s).

e. You have the right to object to the processing of personal data (“right to be forgotten”). This means that you can request us to stop using your personal data, notably for direct marketing purposes. We will do so as long as such data are no longer necessary for the provisions of services.

f. You have the right to ask for the portability of your personal data carried out by automated means. You can request to receive directly your personal data in a structured commonly used and machine-readable format. The data will be given in MS Excel format directly to you so that you can transmit it to another controller and/or where technically feasible, your personal data will be transmitted directly to another controller.

Such right can be exercised to the extent it does not adversely affect the rights and freedoms of others. In such case, we will provide you with any further explanation which might be relevant to you.

g. You have the right to lodge a complaint with the relevant supervisory authority, i.e. the “Commission Nationale de Protection des Données (“CNPD”).

We provide several channels to exercise your rights so that you can choose the more convenient to you. For any questions/concerns, please contact us at the following addresses so that you have a chance to address your request in the best delay:

- by post: electris Luxembourg S.A., to the attention of the DPO 9, rue Robert Stumper L-2557 Luxembourg

- by phone: +352 28 83 80 80            by email: dpo@electris.lu

How we secure the data we collect?

electris has implemented appropriate physical, technical, and organizational security measures to protect your personal data against unauthorised access, alteration, disclosure, theft, destruction or other accidental or unlawful forms of processing in accordance with the Law, GDPR and generally accepted standards of technology and operational security.

We have set-up internal security policies, and we require our Data Processors to comply with the Law and GDPR. They are bound by contractual obligations related to confidentiality, processing and security measures to prevent unauthorised access, use, theft, destruction and disclosure of personal data.

Security issues being a general matter concerning everyone, we advise you to remain vigilant and take any useful or necessary precaution to guarantee the confidentiality of your password and your access code to the customer account.

How do we store and transfer your personal data?

Your personal data are stored with the European Union either by our organization or by our service providers (Data Processors). In the event a transfer of personal data outside the European Union or outside the European Economic Area (EEA) is contemplated, such transfer will only take place provided the appropriate safeguards provided by articles 44 to 47 of the GDPR are in place, i.e. :

-  If there is an adequacy decision issued by the European Commission recognizing that the country of the recipient presents an adequate level of protection for personal data, we can rely on such instrument. More information is available here:   https://cnpd.public.lu/en/legislation/droit-europ/union-europeenne/rgpd/chapitre-5.html;

-  By concluding a contract including the standard contractual clauses (SCCs) approved by the European Commission; More information is available here: https://cnpd.public.lu/fr/actualites/international/2021/06/modernisation-cct.html;

-  By using any other mechanism meeting the requirements of the GDPR.

How long do we retain your data?

electris has taken all reasonable measures to ensure that your personal data are processed for the minimum period necessary for the purposes set out in this Privacy Policy. The criteria to determine the duration during which we retain your personal data in connection with the Services are as follows:

·       as long as we maintain a contractual relationship with you (e.g., where you are a partner or beneficiary of our Services, or you are lawfully included in our mailing list, and you have not unsubscribed);

·       as long as your personal data are necessary in connection with the lawful purposes set out in this Privacy Policy, for which we have a valid legal basis;

·       until the end of the calendar year following the end of the limitation period under applicable laws.

The main retention periods are the following (for Luxembourg):

-    For prospects: up to 3 years from the date of collection or from our last contact,

-    For clients:

o   contractual and commercial communications: 10 years form the end of the contract,

o   Payment and invoicing information: 10 years from the closure of the relevant financial year to comply the laws and regulations,

-    For Professionals: 10 years as from the end of the Contract,

-    For Users of websites: up to 3 years from the data collection,

-    - For cookies, please consult our Cookies Policy at the following address www.electris.lu/cookies

Despite these retention periods, your data may be archived with restricted access for a further period for limited reasons as permitted by law (default payment, warranty, disputes, etc.). electris undertakes to delete or to anonymise your personal data upon expiry of the retention period as described above.

To whom your data are shared?

We communicate certain data to our technical partners on basis of your consent and/or to third parties in compliance with the Law. We share personal data with Data Processors within the limit of what is necessary for the performance of the services entrusted to them. In accordance with the terms of the contracts by which they are bound, Data Processors process data in compliance with GDPR on the basis of our instructions in relation to defined purposes and ensure to implement appropriate technical and organisational security measures.

We use the following categories of recipients to provide Services (a list of contracting entities can be shared upon request):

- affiliated companies within the Encevo Group for intra-group services (accounting, finance, legal, IT, etc.),

- Database, sales administration, and market interaction software providers,

- Professionals equipment installers (craftsmen, technicians, electricians),

- Technical services providers (charging station operators, customer support);

- Credit reference and fraud prevention agencies to assess your ability to make payments, credit decisions, identity checks, fraud and money laundering prevention and account management. Credit reference agencies will record the search on your credit file whether or not your application has been successful. (There is no automated decision making based on that research).

- Credit insurers,

- Survey provider and market research,

- IT/Cloud service providers,

- Telecommunication network operators and roaming services,

- Payment/debt collection agencies,

- Print service providers,

- Facilities’ service providers,

- Subsidies’ energy agencies and entities awarding the subsidies,

- Third party auditors, where applicable, to meet legal and regulatory obligations,

- Head-hunter and/or employment agency,

- Training service providers.

The data may be transmitted to third parties where this is required or expressly authorised by the Law, to enforce a provision of the law, or further to a judicial/regulatory decision if such disclosure is necessary in the context of an investigation or a legal proceeding and to protect the rights and interests, properties, safety and security of electris, our clients or other persons.

Changes to this Privacy Policy

The Privacy Policy will be updated regularly to consider legal, regulatory and operational changes. In case of important changes (e.g.: type of data collected, how we use it or for which purposes), we will highlight such change at the top of the Policy. You are invited to read the Privacy Policy regularly to be informed about its evolution and modifications. The continued use of the Services following the posting of any changes to this Privacy Policy will be deemed as an acceptance of those changes.


[1] Professionals refer to the craftsmen, technicians, and/or electricians with whom electris works.

[2] The content of the data categories (Customer Identification, Customer Communication, Contractual, Delivery Point, etc.) are defined by the Encevo Group's internal policies.