“Personal data” refers to such data that we collect and retain about you and how you use our services, which may directly or indirectly identify you. We use this data to provide services, improve your experience, improve our services and make offers that are tailored to your specific needs.
The information below is a summary of how we collect and process your personal data in accordance with the General Data Protection Regulation (GDPR).
- Types of personal data that we collect
- How we collect personal data
- Purposes of using the personal data
- How long we retain personal data
- Disclosures of personal data to third parties
- How we protect your personal data
- You decide what happens to your personal data
- The personal data of you and your users when Ngenic acts as a personal data processor
- How your personal data is processed when you are no longer a customer
Types of personal data that we collect
Contact information
When you become a customer with Ngenic, we collect your contact information:
Name, address, e-mail address, telephone number.
Information about your services
We also retain data regarding which of our services you have ordered and use, and in which way you use them.
Information that our products and services collect while you use them
We also retain data that our products and services collect in order to be able to perform those of our services that you use.
Customer support
When you contact our customer support, we collect the information that you provide to us in order to help you with your request.
How we collect personal data
We collect and process data that …
- … you submit when you become a customer with us.
- … you specify when you contact us in the form of notes, chat conversations, e-mail and recorded phone calls.
- … is created when you use our services – i.e. when you use our app or visit our website.
- … our products and services collect – e.g. temperature readings and energy information.
- … we collect from other sources – e.g. your energy provider.
- … is collected using cookies that collect information about and from your web browser.
Precisely which information we collect about you in particular depends on which of our services that you use.
Purposes of using the personal data
In order to process your data, it is required that we have any of the following legal justifications to do so:
- Required in order to fulfil our agreement with you.
- Required in order to fulfil Ngenic’s legal obligations.
- The processing is in the interests of both you and Ngenic.
- You consent to that processing specifically.
In order to be able to provide our services to you, we need to process your personal data. In the following section, we provide information about the purposes for which your personal data is used, and which legal basis supports the processing.
Provision of services
We process personal data in order to identify you as a customer and to manage and deliver the products and services you have ordered and to which you subscribe. In addition, we process such personal data as are needed to manage billing and payments for the services you use.
Legal basis: Fulfilment of agreements.
Communications and customer support
We may use personal data arising from previous contacts that you have had with us, in order to provide you with better help.
We use your contact information and information about the services you use as a basis for preparing invoices, newsletters, important information about your services, offers and tips for using our services.
Legal basis: Balancing test, consent and fulfilment of agreements.
Development of our services and products
We process personal data relating to how you use our services as well as from your contacts with us, in order to improve your experience specifically as well as our products and services overall.
Legal basis: Balancing test and consent.
Marketing
In order to market relevant products and services to you based on your needs, we process personal data relating to which services you use and how you use them.
Legal basis: Balancing test and consent.
Security and abuse prevention
We process personal data in order to detect and prevent the following in our services and in our network:
- abuse
- attempted network breaches
- attacks in the form of viruses, DDOS
- crimes
- use of our services in contravention of our terms and conditions of use
Legal basis: Fulfilment of agreements and legal obligation.
Statutory duties
We process personal data in order to comply with legislative requirements.
Legal basis: Legal obligation.
How long we retain personal data
We retain personal data for as long as there is a documented purpose of processing. Contact our data protection officer for further details.
Disclosures of personal data to third parties
Partners, subcontractors and other companies within the Ngenic group
We have agreements with all of our partners and subcontractors within the EU, as well as EU standard contract clauses with all of our partners outside the EU. As applicable, we apply the EU standard clauses (2010/87/EU) or the standard clauses that replace these following any decision by the European Commission and/or the European Courts of Justice. These agreements regulate, inter alia, which personal data is processed, why it is processed, how personal data is to be protected and for how long they may be processed. The agreements also include instructions from the personal data controller to the personal data processor with regards to how the personal data may be processed.
We strive never to disclose more personal data than strictly necessary with each partner.
We take appropriate security measures in order to ensure that your personal data is processed in accordance with applicable security and privacy legislation. We demand the same of our subcontractors.
We may, for the purposes set out below, disclose certain data to the following partners and subcontractors.
Marketing and analytics purposes
| Google (Mountain View, CA, USA) | Analytics data via third-party cookies for marketing and website analytics |
|---|---|
| Facebook (Menlo Park, CA, USA) | Analytics data via third-party cookies for marketing |
For the purpose of delivering services ordered
| Unifaun AB (Stockholm, Sweden) | Data required to deliver orders to the customer |
|---|---|
| DHL Freight AB and group companies (Stockholm, Sverige) | Data required to deliver orders to the customer |
| Microsoft (Redmond, WA, USA) | Microsoft’s operating environments are used by Ngenic’s systems, within which collected customer data is processed. Microsoft also makes address suggestions and provides conversion of addresses to coordinates. |
| DigitalOcean, LLC (New York, NY, USA) | DigitalOcean operating environments are used by Ngenic’s systems, within which collected customer data is processed |
| myLoc managed IT AG (Düsseldorf, Germany) | myLoc’s operating environments are used by Ngenic’s systems within which collected customer data is processed |
| Elomraden.se (Trollhättan, Sweden) | Address information to identify electricity price areas |
For the purpose of receiving payment for our services
| Mondido Payments AB (Stockholm, Sweden) | Data needed to process card payments |
|---|---|
| Billogram AB (Stockholm, Sweden) | Data needed to manage customer invoices |
| Nordea AB (Helsinki, Finland) | Data required to manage manual repayments |
| Öhrlings Pricewaterhousecoopers AB (Stockholm, Sweden) | Transaction data for bookkepping and accounting purposes |
For the purpose of communicating with customers
| Fastmail Pty Ltd (Melbourne, Australia) | Data required to communicate via e-mail. |
|---|---|
| Mailjet SAS (Paris, France) | Data required to communicate via e-mail. |
For the purpose of delivering customer support services
| Help Scout Inc. (Boston, MA, USA) | Data required to deliver customer support services |
|---|---|
| Slack Technologies Limited (San Francisco, CA, USA) | Data required to deliver customer support services |
| Targetprocess Inc. (Amherst, NY, USA) | Data required to deliver customer support services |
| Dropbox International Unlimited Company (San Francisco, CA, USA) | Data required to deliver customer support services |
Public authorities
By request, we may by law and by government decision be required to disclose certain personal data to e.g. the Swedish police.
How we protect your personal data
We use industry standard methods to store, process and communicate sensitive information such as personal data and passwords in a safe manner. This may include SSL/TLS, PGP and one-way hashing algorithms.
These protections are implemented through systematic, organisational and technical measures in order to safeguard data privacy, secrecy and accessibility.
We have policies and security routines in place for, inter alia:
- information security
- incident management
- risk analysis
- software updates
- secure configuration and management of devices
- offices and server halls
- software development
- training and education
Ngenic’s staff are bound by non-disclosure agreements and only process the information required by their duties.
You decide what happens to your personal data
You decide what happens to your personal data. This means that you decide which information you wish to submit and to which processing of your personal data you consent, and you may withdraw your consent at any time.
Please note, however, that we must have access to certain personal data in order to provide our services to you. If you choose to withdraw your consent, this may mean that we are unable to provide all services to you.
Read more about your rights regarding your personal data here
The personal data of you and your users when Ngenic acts as a personal data processor
In those cases where you are the personal data controller, our processing of your customer’s personal data is regulated by a contract appendix, the Personal Data Controller Agreement.
How your personal data is processed when you are no longer a customer
When you terminate your account, we remove all of our personal data for which there are no longer purposes to continued processing. We will also notify any partners and subcontractors that have processed your data that it is to be deleted on their end.
Data to be deleted include your…
- … personal data in our CRM system.
- … all collected data from our products and services that may be tied to you as a customer in our operational systems.
- … backups of the above are deleted in accordance with our backup schedule.
Among the data that is not deleted are:
- Data required by the Swedish Book-keeping Act.
- Statistical aggregated data that cannot be attributed to any individual customer.
This page was updated on 2022-01-13