Effective: Aug 30, 2018
EnerNOC is committed to maintaining compliance with applicable laws governing data privacy and data security, and ensuring that its customers can have complete confidence in EnerNOC as a trusted partner. General Data Protection Regulation (GDPR) effective May 25, 2018 covers the collection, storage, use, and processing of personal data of EEA residents. For the purpose of EU data protection legislation, the data controller is EnerNOC, Inc. of One Marina Park Drive, Suite 400, Boston, Massachusetts 02210.
- We define your personally identifiable information (PII) as your:
- First Name
- Last Name
- Email Address
- Phone Number
- User Name
- The data elements listed above are the only personal data elements that we store. We also store data related to the organization that contracted with us and that you work for. For example, corporate address, energy consumption, energy monitoring devices and utility account data. We do not consider these elements as PII.
- We collect and store your PII only to perform the service that we are contracted to do.
- EnerNOC has an Information Security Policy and process to protect your PII. Part of this Policy is to make sure we notify you of any security breaches.
- EnerNOC will never sell your PII. We will not transfer your PII to any third party without disclosing to whom and why.
- EnerNOC will cooperate with you regarding your rights to access, correct, delete, and opt-out preferences. You can do so by contacting: firstname.lastname@example.org.
- EnerNOC will maintain our certification under the EU-US Privacy Shield.
- EnerNOC Data Privacy Officer is accountable for making sure everything stated here is truthful and up-to-date. You can reach our Data Privacy Officer by first emailing: email@example.com.
Personal Data processed for the purposes set out above will be kept in compliance with the principles of proportionality and necessity, and in any case until the purposes of the processing have been pursued.
Information Collected Automatically and Cookies
EnerNOC’s website(s) collect certain information about you automatically, including the domain that referred you to our website, the type of browser and computer operating system you use, navigational information, time and date of visit, Internet Protocol (IP) addresses, and cookies (as described in more detail below).
What are cookies?
A cookie is a small file that attaches to a computer or web browser when accessing or viewing a website. We use both session cookies and persistent cookies. Session cookies are used during a single website visit and are automatically deleted from your computer when you close your browser. Persistent cookies are used to track website activity over a longer period, and remain on your browser or computer until either you choose to delete them or they expire.
EnerNOC uses persistent cookies in several places on our website so we can pre-populate forms to improve your ease of use. For example, the information provided during a brochure download is captured so that you do not need to enter it again when requesting additional documents. EnerNOC may also use persistent cookies to collect analytical information about how visitors use our website. For example, we may measure website usage, access to online services, and the level of interest in particular products. We use this information to improve our service and provide a better experience for visitors to our website.
When we post videos, third parties may use local shared objects, known as “Flash Cookies,” to store your preferences for volume control or to personalize certain video features. Flash Cookies are different from browser Cookies because of the amount and type of data and how the data is stored.
Do I have to accept cookies?
Cookie management tools provided by your browser will not remove Flash Cookies. To learn how to manage privacy and storage settings for Flash Cookies, click here: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com/uk.
Accessing, Updating, and Deleting Information
You may request access, corrections, or deletions of your information by contacting firstname.lastname@example.org. We will use commercially reasonable efforts to honor your request. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. Please note that if you request deletion of your information, we may be required by law to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may also retain your information for fraud or similar purposes.
EnerNOC Solutions: Information Collection and Use
In order for you to use or access a Solution, you must expressly consent to EnerNOC’s access to certain information in order to provide you with the applicable Solution. EnerNOC may collect information from the Solution meters installed on your site. If you received our Solution through a utility company (“Utility”), we may receive information from your Utility. If you received our Solution through one of our distributors or resellers, including but not limited to, one of our affiliates that market our Solution, we may receive information from such party. In addition, we collect any information which you provide to us directly. Information collected through the foregoing methods includes your customer contact information, financial information, account information, customer metadata, energy costs, energy behavioral analytics information, and energy usage and performance data.
Our website also makes use of Remarketing with Google Analytics, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. EnerNOC and third party vendors, such as Google, may use first-party cookies (such as the Google Analytics cookies) and third party cookies (such as the DoubleClick cookie) together to (i) inform, optimize, and serve ads based on your past visits to our website and (ii) report how your ad impressions, uses of ad services, and interactions with the foregoing are related to your visits to the website. In addition, EnerNOC may utilize Google Analytics data, including but not limited to, geographic, demographic, and interest reporting information to recognize and understand user preferences; make improvements to our website, products, and services; and for other business purposes that will allow us to better serve you. You may prevent your data from being collected and used by Google Analytics by opting out through the use of the Google Analytics Opt-out Browser Add-on available at: tools.google.com/dlpage/gaoptout.
In addition, we use “Pixel Tags” (also referred to as clear gifs, web beacons, or web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of Web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags also allow us to send e-mail messages in a format users can read, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users.
EnerNOC Websites: Information Collected When Voluntarily Provided
Registration forms on our website require you to provide accurate business contact information, which helps us deliver high quality service. This may include your name, postal address, email address, telephone number, username, password and demographic information. With your consent, we will send you marketing emails from us and any co-sponsors of a webinar or other event. Information that you provide may be used to send you information about our company, the co-sponsor companies, and the products and services, special offers, and newsletters of our company and the co-sponsor companies which may be of interest to your business. To view or modify information previously submitted, or to opt out of receiving future marketing communications via email, click the unsubscribe link provided at the bottom of the email communication you receive. Please be aware, that even if you opt out of marketing emails, we may still provide to you administrative and operational emails regarding the EnerNOC website and the Solutions. We may also collect information from you at other points on our website that state that information is being collected.
We often receive testimonials and comments from users who have had positive experiences with our Solutions and services. We occasionally publish such content on our website, emails, and other marketing material. When we publish this content, we obtain the user’s consent prior to posting the user’s information along with the testimonial.
Information Collected from Third Party Companies
We may receive information and/or Anonymous Data (defined below) about you from third party companies. We may add this information to the information we have already collected from you.
In general, information collected by EnerNOC may be used for the following purposes:
- Communicating with you concerning our Solutions and services;
- Responding to questions or requests you submit;
- Enabling us to fulfill any contractual obligation owed to you;
- Providing our Solutions and services, including our Solutions and services provided in conjunction with Utilities (as defined below);
- Improving our website, Solutions and services;
- Analyzing and optimizing any EnerNOC website;
- As necessary or appropriate to: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements ; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others;
- Notifying you about changes to our Solutions and services and sending you offerings of products and services in which you may be interested; and
- Sending you marketing emails as described in the “Information Disclosures” section below.
We may anonymize your information by excluding information (such as your name) that makes the data personally identifiable to you (“Anonymous Data”). We use this Anonymous Data, in part, to analyze request and usage patterns so that we may enhance our services. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in our sole discretion.
We disclose information to third party entities in the following ways or circumstances:
- When we have your consent – you acknowledge that EnerNOC does not control or have responsibility for the manner in which such third parties use or further disclose your information;
- To our subsidiaries and affiliated companies;
- To third party businesses or persons who act as our service providers, including but not limited to, Utilities and providers who process information on our behalf;
- For our Energy Procurement Services we distribute contact, facility, usage information to enable transactions to be consummated on our site (such as at the end of an auction). We will not sell, rent, loan, trade or otherwise offer your personal information to third parties except to enable business you choose to transact.
International Data Transfer
E.U. – U.S. Privacy Shield
As described in the Privacy Shield Principles, EnerNOC is accountable for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, EnerNOC commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: email@example.com or (617) 692-2629.
EnerNOC commits to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and comply with the advice given by the panel with regard to personal data transferred from the EU. Please contact us to be directed to the relevant DPA contacts.
As further explained in the Privacy Shield Principles, binding arbitration will also be made available to you in order to address residual complaints not resolved by any other means. EnerNOC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Third Party Privacy Policies
Use by Children
We do not intentionally gather information from visitors who are under the age of 13. If a child under 13 submits information to EnerNOC and we learn that the information is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any information from a child under 13, please contact us at firstname.lastname@example.org.
The data presented herein is for informational purposes only. Some of the data set forth herein is derived in whole or in part from third party sources. As a result, EnerNOC, Inc., on behalf of itself, and its affiliates and subsidiaries (“EnerNOC”) disclaims all representations and warranties as to the accuracy and completeness of said data.
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us using the details in the "Contact" section below.
Privacy Notice within the meaning of art. 13 of EU Regulation 2016/679 ("GDPR")
Enel X North America, Inc. (below, "Enel" or "CONTROLLER"), as Controller, an Enel SpA group company (“Enel Group”) will process the personal data of you or the entity you represent (“you” or “your”) in accordance with what was established by the legislation on the protection of personal data applicable and by this privacy notice.
Data Protection Officer (DPO)
The Controller has appointed a DPO which may be contacted at the following email address email@example.com.
Object and modalities of the processing
The Controller will process your personal data, which may include your name, surname, home address, and other information as defined in the GDPR. "Personal Data" communicated by yourself or legitimately retrieved by the Controller as described below.
For the processing of personal data for the purposes of this notice includes (but is not limited to) any operation or set of operations, carried out with or without the use of automated processing and applied to personal data, including (but not limited to) the collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, the comparison or interconnection, the limitation, deletion or destruction.
Enel informs you that such Personal Data will be processed manually and/or with the support of computerized means or telematics.
Purpose and legal basis of the processing
Enel will process your personal data acquired for the purposes described in the applicable contract.
The legal basis of the processing is constituted from consent expressed in accordance with this notice.
The transfer of certain personal data is necessary for the pursuit of the objectives stated in the applicable contract; therefore, a possible refusal could lead for Enel to the impossibility to conclude the contract.
Data Subjects Rights
Your Personal Data may be made available for the purposes mentioned above:
- to employees and collaborators of the Controller or to a company within the Enel Group present in the territory of the European Union;
- to third party companies or other subjects ("Third-party") which perform outsourcing activities on behalf of the Controller, in their quality of external management of the processing to persons for this purpose responsible for processing to persons for the purpose of direct marketing in compliance with the requirements of GDPR after obtaining your consent. In this last case, we inform you that the recipients of the data belong to the following categories: Public bodies to which the data must be sent based on legal regulations, including tax authorities, supervisory bodies, social security agencies, law enforcement agencies, internal departments involved in the performance of the applicable contract, including Marketing, Human Resources, IT and Information Security, contractors including service providers, such as IT service providers, and other Enel Group companies.
Transfer of personal data
Your Personal Data will be processed within the European Union and stored on servers within the European Union.
Your Personal Data will be transferred to third countries, including the United States, outside of the European Union. In the absence of a decision of adequacy or other appropriate measures aimed at protecting the above data, these will be processed on the basis of the consent at the bottom of the present notice.
We inform you that despite Enel Group’s adoption of policies that are common to all countries in which it operates, the transfer of your personal data could be exposed to risks related to the peculiarities of local laws relating to the processing of personal data.
The period of storage of personal data
The Personal Data processed for the purpose referred above will be maintained in compliance with the principles of proportionality and necessity, and in any case until they have been pursued the scope of the processing.
Your Personal Data will be kept normally as long as consent will not be withdrawn.
Rights of interested parties
Within the meaning of Articles 15 - 21 of GDPR, in relation to the personal data communicated, you have the right to:
- Access and ask for copy;
- Rectification and erasure;
- Restriction of processing;
- Obtain the limitation of the processing;
- To oppose the processing;
- Receive your personal data in a structured format, of common use and readable by automatic devices.
We inform you that you have the right to oppose at any time the processing of personal data for direct marketing, including profiling. The right to oppose such processing extends also to data processing by means of conventional contact. If you oppose to processing for the purpose of direct marketing, your Personal Data will not be object of processing for these purposes.
For the exercise of your rights and the withdrawal of the consent you can provide such notice to Enel.
For more information regarding your personal data you can contact the DPO., which can be reached at the following email address: firstname.lastname@example.org.
We remind you that You can file a complaint to the Supervisory Authority.
Based on the above information, by executing a contract with Enel, you give the consent to the processing of my Personal Data in the terms indicated by the above Privacy Notice pursuant to art. 9 paragraph 1 of GDPR and the applicable contract.
If you have any questions, concerns, or comments, please contact us at email@example.com.
California Privacy Notice
California Privacy Notice, Effective 05/09/18