privacy policy

1.1. This privacy policy describes how neoom international gmbh ("neoom", "we", "us"), FN 421620 f, Galgenau 51, 4240 Freistadt, processes the personal data collected from you when using the neoom app.

1.2. neoom treats your data confidentially and handles it responsibly. We comply with the applicable legal provisions on the protection, lawful handling and confidentiality of personal data, as well as on data security, in particular the General Data Protection Regulation (DSGVO), the Austrian Data Protection Act (DSG) and the Telecommunications Act (TKG).

1.3. Personal data is any information relating to an identified or identifiable individual. This includes, for example, your name, your e-mail address, and your IP address or device number.

 

2.1. We process the following data for the initiation and processing of business transactions relating to the services offered in the app:

• name or business name or description;
• Date of birth;
• Address;
• Telephone number and e-mail address
• UID / tax number;
• Electricity consumption, electricity generation, electricity purchase from energy community, electricity purchase from grid, electricity storage as well as heat consumption (each on 1 and 15 minutes basis)
• Energy profiles and statistics on a customer basis (e.g. monthly report, annual report) and aggregated
• User's electricity bill (energy costs, grid operator, energy supplier and customer number at the energy supplier)
• data concerning gateway (IP address of the gateway, manufacturer and serial number)
• Data on energy concepts (expected consumption as well as savings)
• technical location data (metering point number, transformer station, substation, connected load of the grid access, grid level as well as grid connection, data on device locations, roof pitch and orientation of the building and smart meter data);
• IP Keys for access to site and energy data
• Fault data for devices
• Log Data Gateway
• Log Data App
• Statistical data regarding available equipment (esp. electric car incl. mileage, air source heat pump, wellness (sauna, pool, AC, heating), PV system, charging station, storage, meter for electricity and heat quantity as well as heat pump / heating element).
• Records (history, archive) of user data exports

2.1.1. We receive some of the data from EDA Energiewirtschaftlicher Datenaustausch GmbH, in particular the energy data as well as the technical location data.

2.1.2. The processing of the data provided is carried out for the fulfilment of the contract with you (Art 6 para 1 lit b DSGVO) - without the use of this data we cannot provide the services selected by you..

2.1.3. The personal data will be stored until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us (usually 7 years, maximum 30 years) or beyond this until the end of any legal disputes in which the data is required as evidence.

2.2. We process the following data for accounting purposes relating to the services offered in the app:

• name or business name or description
• date of birth (if necessary for identification)
• Telephone number and e-mail address
• Address
• Bank details
• Tax liability and tax calculation data
• UID / tax number
• data on the payment behavior of the concerned person
• account and record data
• Credit card numbers and companies
• Billing details (esp. time period, user's electricity bill, metering point number and electricity consumption, electricity generation, electricity purchase from energy community as well as electricity purchase from grid, each on a 1 and 15 minutes basis)

2.2.1. The processing of the data provided is therefore also carried out for the fulfilment of your contract (Art 6 para 1 lit b DSGVO) as well as for the compliance with legal obligations (Art 6 para 1 lit c DSGVO).

2.2.2. The personal data shall be stored until the termination of the business relationship with the customer or until the expiry of the warranty, guarantee, limitation and statutory retention periods applicable to us (generally 7 years, maximum 30 years) or, in addition, until the termination of any legal disputes in which the data are required as evidence.

 

3.1. For the improvement of the neoom app we process the following data:

• Electricity consumption, electricity generation, electricity purchase from energy community, electricity purchase from grid, electricity storage as well as heat consumption (each on 1 and 15 minutes basis)
• Information about user behaviour in the app (number of visits, duration of visit and path of the user during visit incl. clicks).

3.1.1. The processing of the data provided is based on the following legitimate interests (Art 6 para 1 lit f DSGVO): Further development and improvement of the user-friendliness of the neoom app and the neoom products (usability), ensuring the stability, security and availability of the neoom app and neoom products.

3.1.2. The personal data shall be stored for three years for these purposes.

3.2. For the creation of statistics and for profiling your user behavior, we process the following data:

• Number of people per household
• Classification of the user type (e.g. private, business)
• Electricity consumption, electricity generation, electricity purchase from energy community, electricity purchase from grid, electricity storage as well as heat consumption (each on 1 and 15 minutes basis)
• Energy profiles and statistics on a customer basis (e.g. monthly report, annual report) and aggregated
• User's electricity bill (energy costs, grid operator, energy supplier and customer number at the energy supplier)
• Technical location data (transformer station, substation, connected load of the grid access, grid level as well as grid connection and smart meter data)
• Data regarding available equipment (esp. electric car incl. mileage, air source heat pump, wellness (sauna, pool, AC, heating), PV system, charging station, storage, meter for electricity and heat quantity as well as heat pump / heating element).
• Data on municipalities (number of inhabitants and buildings)
• Data on companies (industry and energy consumption)
  
  

3.2.1. The processing of the data provided is based on the following legitimate interests: We compile statistics and carry out profiling in order to individualize our products and offers, to tailor them to specific users and their behavior and to analyze the electricity and energy market on this basis. We therefore look at, for example, electricity consumption in relation to a specific region (postcode) based on their usage data in order to analyze user behavior and electricity consumption on an aggregated basis. In addition, the individualized analysis allows us to detect unusual load peaks and profiles as well as product faults at an early stage and to react accordingly.

3.2.2. The personal data collected for the compilation of the statistics will be aggregated and thus anonymised immediately after the finalisation of the respective statistics. The personal data collected through profiling are stored for three years and then overwritten with the current values..

3.3. For direct marketing purposes (in particular e-mail newsletters and telephone calls) we process the following data:

• name or business name or description
• Telephone number and e-mail address
• Classification of the user type (e.g. private, business)
• Energy profiles and statistics on a customer basis and aggregated
• Data regarding available devices (esp. electric car incl. mileage, air source heat pump, wellness (sauna, pool, AC, heating), PV system, charging station, storage, meter for electricity and heat quantity as well as heat pump / heating element)
• People per household
• Municipal data (number of residents and buildings)
• Data on companies (sector and energy consumption)

3.3.1. The processing of the data provided takes place exclusively on the basis of your voluntary consent (Art 6 para 1 lit a DSGVO).

3.3.2. The personal data will be deleted for this purpose after any revocation of consent or after three years of inactivity in the neoom app.

 

3.4. Conducting In-App Surveys

3.4.1. In the context of in-app surveys, we process the following data:

• Type of existing electricity storage (manufacturer/model)
• Interest in offers from neoom Power Partners

 

4.1 To ensure the proper functioning and continued development of our application, we process pseudonymized usage data relating to the use of features, interactions, and technical processes. Processing takes place without marketing or tracking cookies and without the collection of directly personally identifiable information such as name or email address. A pseudonymous user identifier is used, which does not allow direct identification of any individual. Technically necessary connection data (e.g. IP addresses) may be processed on a short-term basis for the provision and security of the service, but will not be stored permanently or used for analytical purposes. The legal basis is Art. 6(1)(b) GDPR as well as Art. 6(1)(f) GDPR (secure operation and user-friendly further development of our service). For usage analysis, we use PostHog (PostHog Inc. and/or PostHog Ltd.) as a data processor pursuant to Art. 28 GDPR. Processing takes place on servers within the European Union. Data is stored only for as long as necessary for the stated purposes, and is subsequently deleted or anonymized. Where processing is based on Art. 6(1)(f) GDPR, data subjects have the right to object at any time to the processing of their data on grounds relating to their particular situation.

5.1. We provide your personal data to the extent necessary to the following external service providers (processors) who assist us in providing our services. All our processors process your data only on our behalf and on the basis of our instructions so that we can provide you with our services. These are the following service providers:

• IT service providers and/or providers of data hosting solutions or similar services; and
• other service providers, tool providers and software solution providers who also assist us in the provision of our services and act on our behalf (including marketing tool providers, communication service providers).

5.2. In addition, we transmit your personal data to the following recipients (responsible parties) to the extent necessary:

• EDA Energiewirtschaftlicher Datenaustausch GmbH and the respective grid operator for the processing of the electricity supply and the feed-in into the electricity grid as well as for the billing of the energy consumption (execution of the contract)
• Energy communities (Energiegemeinschaften) for which you are eligible as a member, in order to establish contact and join them and conclude the necessary contracts
• Sparkasse Oberösterreich Bankaktiengesellschaft for payment processing (execution of the Agreement)
• Legal representatives in case of cause, courts as well as collection agencies and credit protection association (our legitimate interests)
• Auditors, authorities, courts and other public bodies to the extent required by law (e.g. financial or data protection authorities).

5.3. Personal data will only be transferred to recipients in third countries outside the EEA area if an adequacy decision has been issued by the European Commission for these countries, we have provided suitable guarantees for the protection of personal data by concluding a legally binding document or you have explicitly given your consent for individual cases as defined in Art 49 (1) lit a DSGVO.

5.4. Use of PostHog for In-App Surveys

5.4.1 For conducting in-app surveys, we use the service PostHog, provided by PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. PostHog processes your survey responses as well as technical metadata (e.g. anonymized device information, timestamps) on our behalf.

5.4.2 We use exclusively PostHog Cloud EU. Your data is stored and processed on Amazon Web Services (AWS) servers in the eu-central-1 data center in Frankfurt am Main, Germany. No transfer of your personal data to third countries outside the European Economic Area (EEA) takes place in the context of this processing.

5.4.3 A data processing agreement has been concluded with PostHog in accordance with Art. 28 GDPR. PostHog processes your data exclusively according to our instructions and for the purpose of conducting surveys. For more information on data protection at PostHog, please visit https://posthog.com/privacy.

5.5. Data sharing with authorized system partners: If you expressly consent to the sharing of data for optimization offers from system partners, certain energy-related data from your location may be made available to your responsible neoom system partner for the stated purposes. The shared data may include in particular:

• Contract status (Free or Paid Tier)
• Duration of use
• Participation in energy communities
• Tariff information (e.g. dynamic tariff)
• Configured devices (e.g. storage, charging station, heat pump)
• Installed storage capacity
• Consumption, production, and feed-in data
• Charge states of battery systems
• Electricity consumption and feed-in volumes

The sharing takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke this consent at any time with effect for the future. Your data will be used by the system partner exclusively for the creation of optimization suggestions and will not be passed on to third parties.

 

6.1. The personal data will be protected by neoom as best as possible against unauthorised access, unauthorised use or publication by third parties.

6.2. The personal data collected is stored on a server of Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland as a processor in the European Union. In this context, Neoom refers to the Terms and Certifications of Microsoft in the currently valid version, available at https://azure.microsoft.com/de-de/support/legal/.

6.3. Where data is processed in the context of in-app surveys via PostHog Cloud EU, storage takes place exclusively on servers within the European Union (AWS Frankfurt, Germany). PostHog has implemented appropriate technical and organizational measures to protect personal data, about which you can find further information at https://posthog.com/docs/privacy.

 

7.1. You have the right to receive information in a clear, transparent and easily understandable way about how we process personal data and about your rights as a data subject (Art. 12 et seq. GDPR):

7.2. You therefore have a right to information about the personal data we process about you. In addition, you have the right to have incorrect data corrected and your personal data deleted (right to be forgotten). Furthermore, you can revoke any consent you may have given at any time with effect for the future without giving reasons. You also have the right to restrict processing, to receive the data you have provided in a structured, common and machine-readable format (data portability) and the right to object.

7.3. In order for us to be able to process your request regarding your above-mentioned rights, please send the request directly to us, e.g. by post or via e-mail:

neoom international gmbh

4240 Freistadt

Austria

mail: privacy@neoom.com

7.4. You also have the right to complain to the competent supervisory authority. In Austria, this is the data protection authority, Barichgasse 40-42, 1030 Vienna.