Privacy Policy

1. Introduction

Welcome to PowerInsight ("the Service"), operated by PowerWorks Energy Sweden AB (organization number 559337-8838, located at Auroragränd 1, 127 61 Skärholmen, Sweden)—referred to in this document as "we," "us," or "our." This Privacy Policy explains how we collect, use, store, and protect your personal information when you access or use PowerInsight. We are committed to safeguarding your data in accordance with the General Data Protection Regulation (GDPR) and relevant Swedish regulations.

2. Who We Are

We are a Sweden-based company specializing in Battery Energy Storage Systems (BESS) and related value-added services. PowerInsight is our online portal that helps customers monitor BESS performance, generate monthly reports, and (optionally) facilitate reporting to the Swedish Energy Agency's "Cesar" system for guarantees of origin. Under EU data protection laws, we are considered a Data Controller for any personal data we handle about you.

3. Scope and Eligibility

Business-to-Business Service
PowerInsight is offered exclusively to registered customers of PowerWorks Energy Sweden AB. You must have purchased a BESS or hold a service agreement with us that includes PowerInsight access.

Location
The Service is currently available only in Europe.

4. How We Collect Your Data

We collect information about you in several ways:

Direct Interactions

• When you or your organization fill out registration forms, contact forms, or otherwise provide details (e.g., name, email) to create a PowerInsight account.
• When you reach out to our support channels (via email, phone, or chat).

Automated Means

• Cookies & Similar Technologies: We use cookies or similar tracking technologies to remember your session, log usage data, and adjust site preferences (like dark mode).
• Usage Logs: Our servers automatically record technical information (e.g., IP address, browser type, time of access) for security and troubleshooting.

Third-Party Sources

• If we receive your details from a partner or affiliate who indicates your interest in our services.
• Data provided by the Swedish Energy Agency (Cesar), if you delegate us to handle your guarantees of origin reporting.

5. Types of Data We Collect

Personal Data

• Name: Used to identify and address you.
• Email Address: Used for account creation, login credentials, password resets, notifications, and monthly performance reports.
• Contact Details: May include phone number or address if needed for support or contracting purposes.
• Login Credentials: Consist of username and/or password for PowerInsight.
• (Optional) MeteringPointId (Anläggnings ID): For customers who opt into guarantees of origin reporting, so we can report relevant data to the Swedish Energy Agency.

Sensitive Data: We do not knowingly collect sensitive personal data such as social security numbers or health records. Please refrain from providing such data via our forms or communications.

Non-Personal Data

• Device & Preference Data: Browser type, operating system, screen settings, or 'dark mode' preference for UI adjustments.
• Aggregated Usage Statistics: General usage patterns, performance metrics, or anonymized data for analytics.
• Technical Logs: IP addresses, timestamps, page requests, error logs, etc.

6. How We Use Your Data

We use your personal and non-personal data for the purposes below:

Providing and Maintaining PowerInsight

• Generating monthly performance reports for your BESS.
• Allowing secure login and user account management.
• Adjusting the interface (e.g., dark mode) to your preferences.

Communication and Support

• Sending account-related notices, password reset links, security alerts, or changes to our Privacy Policy.
• Addressing your support inquiries or product feedback.

Guarantees of Origin Reporting (Optional)

• If you opt in, we use your MeteringPointId and relevant BESS data to submit energy production details to the Swedish Energy Agency (Cesar). This requires you to appoint us as your delegate/agent.

Business & Contractual Obligations

• Enabling secure payment or invoicing (if applicable).
• Meeting legal, regulatory, or contractual obligations.

Analytics and Improvements

• Understanding general usage trends to improve features, user interface, and security.
• Testing, troubleshooting, and optimizing performance.

7. Legal Bases for Processing (GDPR)

Our processing of your personal data is based on:

• Performance of a Contract: We process your data to fulfill our contractual obligations—creating your account, generating reports, and providing technical support.
• Legitimate Interests: We process limited data (e.g., log files, aggregated usage) to secure our platform, prevent fraud, and improve service quality.
• Consent: If required by law (e.g., certain types of emails or features like guarantees of origin reporting), we rely on your explicit consent. You can withdraw consent at any time by contacting us.

8. Data Sharing and Sub-Processors

We do not sell or rent your data to third parties. We only share data in the limited scenarios below:

Service Providers & Sub-Processors

• Hosting and Infrastructure: We may use reputable third-party data centers or cloud providers to host our servers.
• Email and Support Tools: We may use email service providers or helpdesk platforms to send notifications, manage inquiries, or diagnose issues.
• Analytics Tools: We might use analytics platforms to track performance and usage trends.

Each sub-processor only processes data under our instructions, and we maintain data protection agreements to ensure GDPR compliance.

Swedish Energy Agency (Cesar)

• If you request guarantees of origin reporting, we share necessary data (e.g., MeteringPointId, energy production data) to fulfill your request.

Legal or Regulatory Requirements

• We may disclose your data if required by law, court order, government regulation, or to protect our rights, property, or safety.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law or contract. For example:

• Account Data: Stored while your PowerInsight account is active. If you delete your account, we remove or anonymize personal data within a reasonable period, subject to any legal record-keeping requirements.
• Usage Logs: Kept for security auditing, troubleshooting, and analytics for a limited duration (e.g., 6–12 months), unless a longer retention is required by law.

10. International Data Transfers

Our primary operations are in Sweden. If any of our sub-processors or service providers are located outside the European Economic Area (EEA), we ensure that adequate safeguards (e.g., Standard Contractual Clauses, robust data protection measures) are in place to comply with GDPR.

11. Security Measures

We prioritize the security and confidentiality of your data:

• Technical Safeguards: Industry-standard encryption (e.g., SSL) for data in transit, secure access controls, routine vulnerability scans, and independent penetration tests.
• Organizational Measures: Staff background checks (where allowed), confidentiality agreements, and regular security training.
• User Responsibility: Keep your account credentials confidential. Avoid sending sensitive data via email.

12. Your Rights Under GDPR

As a user in Europe, you have certain rights regarding your personal data:

• Access: Request a copy of your personal data.
• Rectification: Correct or update inaccurate information.
• Erasure: Ask us to delete or remove data that is no longer required or if processing is unlawful.
• Restriction: Request we limit how we process your data in specific scenarios.
• Data Portability: Obtain your data in a structured, commonly used format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: For any activities relying on consent, you may withdraw that consent at any time.

To exercise these rights, please email us at info@powerworks.energy. We will respond within GDPR-mandated timelines.

13. Changes to This Privacy Policy

We may update this Privacy Policy to address changes in our business or legal requirements. We will post a notice on our website and update the "Last Updated" date at the top. Significant changes may be announced by email. If you disagree with any changes, you may stop using PowerInsight and request deletion of your data.

14. Contact Us

For questions, concerns, or to exercise your data protection rights, please contact:

PowerWorks Energy Sweden AB
Auroragränd 1, 127 61 Skärholmen, Sweden
info@powerworks.energy