1.  INTRODUCTION

In accordance with articles 13 and 14 of  the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”,  this Privacy Policy aims to explain in a simple and transparent way what type of personal data we collect about you and how we process it.

2. WHO ARE WE?

The Data Controller is Restart Energy Democracy Platform SRL (hereinafter referred to as “RED” or ”we”), a limited liability company, registered in Romania, having registration number J35/3221/2021, fiscal code 44729118, with its registered office in Timisoara, 11 Gheorghe Doja Street, office OG-11, 2nd floor, Timiș county, phone +40356414175, e-mail: hello@new-landingpage-dev.redplatform.com.     

This privacy policy is addressed to the individuals outside RED who come into contact with us, including through the website, by becoming a user of the RED Platform, by purchasing and using our products/ services and through commercial communications. These interactions can be achieved by visitors, customers, business customers, suppliers/ manufacturers, business partners and other people with whom we interact in the course of our activities, hereinafter collectively referred to as ‘data subjects” or ”you”.

Read this policy carefully to understand our data practices and how we treat them. If you have any questions, you can contact our data privacy representative through the communication channels below:

Restart Energy Democracy Platform SRL, e-mail address: hello@new-landingpage-dev.redplatform.com, phone +40356414175, contact section on website: www.new-landingpage-dev.redplatform.com.

3. DEFINITIONS

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purpose of this Privacy Policy, the Controller is RED.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. PRINCIPLES

The processing of personal data will be done in a legal, fairly and transparent manner;

Collection of personal data will only be done for specified, explicit and legitimate purposes, and data will not be further processed in a manner incompatible with those purposes;

The processing of personal data will be appropriate, relevant and limited to what is necessary for the purposes for which they are processed;

Personal data will be accurate and, where necessary, updated; All necessary steps shall be taken to ensure that incorrect data is erased or corrected without delay;

Personal data will be stored for a period no longer than is necessary for the purposes for which they are processed, except for specific cases, as detailed in Section 9 below;

Personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

5. TYPE OF PERSONAL DATA PROCESSED

We may process the following types of personal data:

  • Contact details (name, surname, e-mail address, phone number, postal address, postal code, address of consumer’s place and other addresses of the consumer if he / she owns more)
  • Professional information (the company you work for, your position or title, your power of attorney, answers to questions in the energy field and the relevant profile)
  • Demographics (date of birth, age) and personal identity information such as civil status, gender, personal identification number, ID number and series, date of issue and date of expiry of the ID, issuer, domicile address, residence address, picture and other data included in identity documents
  • Account login (username and password)
  • Bank user data (card number, bank account, bank name, bank address, information on payments)
  • Pictures uploaded, signature, opinions in the feedback provided
  • Information that is relevant for KYC / AML purposes, for various users of the Platform, Franchise Users, or new partners / clients, including financial soundness and reputational aspects, tax residence, political exposure
  • Information provided directly by you to calculate your carbon footprint, such as how you travel and frequency, energy and gas consumption, diet and type of foods consumed, quantity of products you buy, internet services used, country of residence and other information strictly provided for this purpose;
  • Customer service information (requests, petitions, feedback)
  • Information from comments, questions, reviews, as well as information transmitted or uploaded in the chat section on the Platform. Please do not send any confidential information or personal data pertaining to you or to other people on the public / private chats. You are solely responsible for doing so, RED being exonerated from any liability in relation thereto
  • Technical information (IP address, device used to visit the site, type of browser you are using, access times, viewed pages, hardware model, operating system)
  • Information about your use of our services, products and facilities (including information obtained when using our learning tools, demo accounts and trading simulators)
  • Information about the transactions you make using our services or the ones provided by third-party providers who offer additional services through the RED Platform
  • Other personal information provided to us or obtained by us from public sources
  • Information generated by us as part of the activity carried out by you on RED Platform or sent to us by third-party providers who offer additional services through the RED Platform (tokens or cryptocurrencies hold, sold or staked, wallet balance, various transactions, bonuses, commissions and fees, certificates or diplomas issued etc.) 

and, in particular, in addition to the above, the following data based on the role you have:

  • as Franchise User: your country, region, city, franchise name, recent invoices, information regarding the landing page created, information regarding the virtual energy company created, information regarding the personalized offers created etc.
  • as Producer: your name as operator of a power plant, information that appear on the producer license or the grid connection permit, information about the power plant (technology, type of renewable energy (solar, wind, hydro, biomass, biogas), installed capacity, location, historical energy production), information from the public profile photos or video uploaded, your claims based on the production of energy from renewable sources etc.
  • as Supplier: identity data about the conventional or legal representatives, information available in a power of attorney attesting powers of representation, information that can be available from a license for supplying energy / natural gas etc.
  • as Consumer: information regarding energy consumption (amount of energy/ natural gas consumed, consumption value, consumption history, information that can be available from an energy / natural gas invoice, information that can be available from a property deed for consumption place, the internal code as consumer assigned to you by RED, the cod for the consumption place, active energy price, other tariffs included in the total cost / KWh, monthly consumption, outstanding amounts, amounts paid, other information related to the supply agreement concluded with the Supplier etc.
  • as Validator: your answers to the test attesting the level of knowledge in the area of renewable energy, your decisions to validate claims and requests, your motivated decisions to reject claims and requests, the number of false validations, the penalties applied etc.
  • as Investor on the RED Crowdfunding Platform: information from the profile created by you, personal data necessary to sign and execute the Investment Facilitation Agreement; personal data necessary to incorporate the SPV and sign and execute the shareholders agreement, including the value of your investment, the number of shares in the SPV, indirect percentage of ownership in the renewable energy project etc.
    Also, for your entry knowledge tests, RED may request information about your experience, investment objectives, financial situation and basic understanding of risks involved in investing in general and in investing in the types of investments offered on the RED Crowdfunding Platform, including information about: (a) your past investments in transferable securities or past acquisitions of admitted instruments for crowdfunding purposes or loans, including in early or expansion stage businesses; (b) your understanding of the risks involved in granting loans, investing in transferable securities or acquiring admitted instruments for crowdfunding purposes through a crowdfunding platform, and professional experience in relation to crowdfunding investments.
  • as Project Owner using the RED Crowdfunding Platform: information from the profile created by you, data from the due diligence report conducted by RED, mainly representing a review and verification of information and documents received from the renewable energy project; data from other documents submitted for obtaining financing, including the value of the start-up, the capitalization table etc.; personal data included in the Key Investment Information Sheet; personal data necessary to sign and execute the License and Services Agreement; personal data necessary to sign and execute the subscription and shareholders agreement with the SPV (if your project receives the investment).

6. PURPOSES OF PROCESSING

Our primary goal in collecting personal information is to provide you with a safe, efficient and personalized experience. We use personal information to create, develop, operate, deliver and improve our services.

Also, RED considers the following purposes for which your data is processed:

The provision of services to which RED is contractually bound by way of the various Terms and Conditions available on this website or other contractual agreements we may have in place (for example, an Investment Facilitation Agreement if you are an Investor or a License and Services Agreement if you are a Project Owner using the RED Crowdfunding Platform), without being limited to:

  • To grant you access to the functionalities available at www.new-landingpage-dev.redplatform.com.
  • To provide you with any other RED ancillary services and user assistance you require.
  • To create your RED Platform user account. 
  • To identify you as a RED Platform user and give you access to the various features and services available to you as a registered user.
  • To monitor and process transactions and send notifications about your transactions. 
  • To verify your identity and your eligibility.
  • To send administrative or account related information
  • To conduct the KYC and AML checks
  • To provide crowdfunding services with the sole purpose of temporarily facilitating the conducting of fundraising rounds by Project Owners seeking funding on the RED Crowdfunding Platform and connecting them with Investors.

Other purposes of processing include:

To better understand our users and how they use and interact with RED’s website and services.

To provide a personalized experience and to implement the preferences you ask for.

To customize, measure and improve RED services and the content and layout of our website.

To increase security, prevent fraud, monitor and verify access, combat spam or other malware or security risks.

Based on your communication preferences, to send you promotional content and marketing communications; we can give you promotional offers based on your communication preferences. You can always give up our marketing communications by withdrawing your consent.

To engage in marketing and promotional activities, as well as in market research and statistics.

To interact with you on third party social networks (subject to the terms of use of that network).

To communicate with you about our events.

To prevent and investigate potentially forbidden or illegal activities and / or violations of the Terms and Conditions applicable to you.

To resolve disputes, collect taxes, collect outstanding amounts from you and troubleshoot technical issues.

To ensure the administrative management of contracts, including financial and accounting aspects, billing and recovery of receivables.

To ensure RED’s legal protection.

To operate and manage our websites and the interactions through such websites.

To perform live testing of our systems on an exceptional basis, to resolve issues internally as soon as possible to enable us to deliver high standards of service.

To manage our IT infrastructure.

To investigate any complaints and to provide customer service.

To comply with legal and regulatory requirements.

To ensure future development or reorganization operations, including via mergers with other companies or acquisitions of companies or parts of companies;

To comply with group relation policies and procedures. 

7. LEGAL BASIS FOR PROCESSING

The legal basis for processing your personal information will depend on the purposes for which we process your information.

Mainly, we will process your personal information based on the legal basis of performing the contract we have with you, as long as you accepted the specific Terms and Conditions applicable to you, available on this website or other contractual agreements we may have in place (for example, an Investment Facilitation Agreement if you are an Investor or a License and Services Agreement if you are a Project Owner using the RED Crowdfunding Platform). 

In this situation, the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract. If you do not wish to provide the requested personal information, RED may not be able to offer you part or all of functionalities and services.

It is also possible to process personal information to comply with legal obligations, in areas such as fiscal, accounting, archiving, incorporating an SPV etc.

Additionally, in some situations, we have a legitimate interest in processing your personal data, such as: 

  • continuously managing our relationship with you and maintaining contact with you; 
  • our internal business objectives, which can include keeping / storing documents, management of the correspondence and archives, continuity of IT services (for example, backups); 
  • to ensure the quality of the services we offer you; 
  • marketing analyses, including marketing campaign optimization and web analytics to enable us to develop and target the marketing of our products and services; 
  • keeping our updates and studying how our customers use our products / services; 
  • portfolio analysis to enable us to improve the products and services we offer to our customers
  • minimizing the relations with natural persons or legal entities that can pose high legal, financial or reputational risks;
  • exercising our legal and contractual rights and defending them before the relevant courts and authorities, including, if the case, through receivable recovery activities or the preservation of potential means of evidence;
  • analyzing and looking for acquisition, merger or, eventually, sale operations in connection with RED’s activities or in developing new entities;
  • cooperating or interacting with specialized third-party entities in relation to any aspect of relevance for the interests above, including in relation to the IT infrastructure, accounting, or the legislation of other jurisdictions, to the extent relevant and to develop partnerships.

If you have given your consent for direct marketing through electronic means or you have a subscription to our newsletter, we will use the relevant personal information to provide you with commercial communications about products, news, events and services that may be of interest to you. To this end, we may periodically send you marketing materials via mail, e-mail, phone, SMS or other electronic means.

8. PROFILING

When we send or display communications or personalized content, we can use certain techniques as “profiling” (i.e. by legal definition, this any form of automatic processing of personal data that involves the use of such data to evaluate certain personal aspects relating to an individual, in particular to analyze or introduce aspects relating to the preferences, interests, economic situation, behavior, location, health, financial situation or personal movements of that individual). 

This means that we can collect personal information about you in different situations (newsletters, advertisers’ retransmission of visitors who visited the RED site, grouping the website of those entering the RED website and using this information in marketing purposes). We centralize this data and analyze it to evaluate and anticipate your personal preferences and/or interests. Based on our analysis, we send communications and/or content tailored to your interests/needs. 

You have the right to object to the processing of personal data for profiling activities conducted by RED, under certain circumstances. If you wish to do so, please contact us at the contact detail provided in Section ‎2 herein.

Please note that the profiling activities conducted by RED are not solely based on automated processing and involve a human intervention.  We will inform you of implementation of profiling or a decision-making system producing legal effects concerning you or similarly significantly affecting you, based solely on automated processing (i.e. without human intervention), if this will be the case in the future.

9. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

It is possible to share the required part of your personal data only to the extent that it is only necessary for the following third-party categories:

  1. companies that offer us products and services, such as: (i) media agencies, such as those that organize promotional campaigns, advertising campaigns, customer service campaigns on social networks, campaigns / surveys to measure customer satisfaction and feedback to improve provider services, (ii) electronic and telephone communication services with users; (iii) Internet services: analysis, advertising; (iv) Infrastructure Agents (third parties who manage the newsletter transmitted by email, SMS marketing or other marketing, user assistance activities); (v) vendors of IT systems and related support service providers, including e-mail archiving, telecommunication service providers, back-up and disaster recovery, IT security services; 
  2. companies that offer us services of third-party identification services to prevent fraud. This allows RED to confirm your identity by comparing the information you provide us with your public records and other third-party databases; 
  3. companies involved in the operation, management and technical administration of our website www.new-landingpage-dev.redplatform.com;
  4. third-party providers who offer additional services through the RED website, such as brokerage services for managing digital wallets and processing payments between cryptographic assets (tokens) / cryptocurrencies and fiat currencies;
  5. other parties such as public authorities and institutions, accountants, auditors, lawyers and other external professional counsellors, if their activity requires their knowledge or where the law requires us to disclose them;
  6. the authorities, entities and individuals who receive data in order for RED to facilitate conducting fundraising rounds on the RED Crowdfunding Platform and finalizing the investment (if the case may be), such as other (potential) Investors, the Project Owner, the Trade Registry, various legal and financial consultants, banks etc.; 
  7. other companies involved in the provision of any services subject to the Terms and Conditions on the RED website; the financial institutions we partner with and process the payments you have authorized.

If you are a user of RED Platform, we will also disclose your personal data to the other users of the RED Platform, to the extent necessary to execute the specific Terms and Conditions you are a part of and to ensure that all specific functionalities for your role on the RED Platform are available and functional.

We will also disclose your personal information to third parties:

  1. In case you request or give us permission or instructions to do so;
  2. Persons who can demonstrate that they have the legal authority to act on your behalf;
  3. If it is our legitimate interest to do so in order to manage, expand or develop the commercial activity: (i) in case of a transfer of an enterprise (we sell part of the business or certain goods), we may disclose your data to the potential buyer of those commercial or commodity activities to ensure that the activity continues; (ii) if RED (or a substantial part of its assets) is acquired by a third party, in which case the personal data held by RED will be one of the transferred assets;
  4. If we have an obligation to disclose your personal data to comply with a legal obligation, any legal request from governmental or executive authorities and as may be necessary to meet certain national security or enforcement requirements under the law or to prevent certain illegal activities;
  5. To respond to any claim, to protect our rights or a third party, to protect the safety of any person or to prevent any illegal activity;
  6. To protect the rights, property or safety of RED, its employees, RED platform users, or others.

10. STORAGE OF PERSONAL DATA        

RED takes all necessary steps to ensure that your personal data is processed only for the minimum period required for the purposes set forth in this Privacy Policy. The criteria for determining how long your personal data is stored are:

(a) RED will keep copies of your personal data in a form that permits identification only as long as:

  1. we maintain an ongoing relationship with you (for example, if you are included in our e-mail list and have not unsubscribed or you are bound by the Terms and Conditions on the website);
  2. your personal data is required in connection with the purposes set forth in this Privacy Policy and we have a valid legal basis;

(b) In addition, if relevant legal actions are being formulated, we may continue processing your personal data for such additional time in relation to that claim / action. Nonetheless, RED will keep the data for the period of time while legal liability could be triggered at the initiative of or against RED.

After the end of the periods in (a), (b) above, each to the extent applicable, we will (i) erase or definitively destroy the relevant personal data, or (ii) we will anonymize the relevant personal data.

Your personal data will be retained after the period referred to in (a) and (b) above only if it is ordered by applicable law and only for the period of time provided for by the law , the basis being the legal obligation.

11. MINORS

We do not request and do not knowingly collect personal data from children under the age of 18. If we find that we have unintentionally collected personal data from a child under the age of 18, we will promptly delete the child’s personal data from our records.

Persons who have not reached the age of 18 are not allowed to request services or any communications on the RED website / platform.

If a person submitting personal information is suspected of being less than 18 years old, RED will close their account and will not allow the user to continue their activities on the RED platform.

Also, any person who provides us with personal data through the website or other applications or devices covered by this Privacy Policy guarantees that they are an adult and  are in fully capable under civil law.

12. DATA SUBJECT’S RIGHTS

Any person whose personal data is processed by RED has the rights set forth in GDPR, within the limits therein.

The right of access (the data subject has the right to obtain from RED a confirmation that personal data concerning him / her are processed or not, and, if so, he / she has the right to access the data).

This right may be limited or refused because it does not have to adversely affect the rights and freedoms of others.

The right to rectification (the data subject has the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him / her). Taking into account the purposes for which the data were processed, it is entitled to obtain the completion of personal data that is incomplete, including by providing an additional statement.

The right to erase data in situations where (1) the data are no longer necessary for the fulfillment of the purposes which they were collected or otherwise processed, (2) the consent has been withdrawn and there are no other legal basis for the processing, (3) the person objects to the processing and there are no legitimate reasons (4) personal data have been processed unlawfully, (5) the personal data have to be erased for compliance with a legal obligation to which the controller is subject; (6) the personal data have been collected in relation to the offer of information society services.

This right may be limited or refused, the reason for the refusal or limitation being communicated to the person concerned.

The right to restriction of processing – the data subject has the right to restrict the processing in the following situations:

  1. contest the accuracy of the data for a period that allows the controller to verify the accuracy of the data;
  2. the processing is unlawful, and the person concerned opposes to the deletion of personal data, but instead requests the restriction of their use;
  3. the personal data is no longer required for processing, but the data subject requests them for the establishment, exercise or defense of a right in court;
  4. the data subject objects to the processing, for the period of time necessary to verify that the legitimate interests of the controller prevail over the rights of the data subject.

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.  This right is not applicable if the decision: 

  1. is required to conclude or execute a contract between the data subject and RED;
  2. is authorized by legislation which also provides for appropriate measures to protect the legitimate rights, freedoms and interests of the data subject;
  3. is based on the explicit consent of the data subject

The right to object to data processing does not apply in cases where data processing is based on a legitimate interest or on a basis consisting of a need to process for the performance of a task that serves a public interest.

The right to object does not apply either in cases where RED demonstrates that it has legitimate and imperative reasons that justify the processing and override the interests, rights and freedoms of the data subject, or that the purpose consists of the establishment, exercise or defense of legal claims.

Right to data portability – the data subject has the right to receive the personal data concerning him/her which have been provided in a structured, commonly used and readable form and has the right to request RED to transmit this data to another operator, without obstacles from RED, if the following conditions are met cumulatively:

  1. processing is based on consent or contract and
  2. processing is carried out by automatic means, in particular if this is technically feasible

The right to file a complaint with RED – the data subject may file a complaint if he / she is unhappy with the processing of his or her personal data or with the way of responding to its request.

The right to file a complaint with the relevant Supervisory Authority– the data subject has the right to file a complaint with the relevant Supervisory Authority if he/she is dissatisfied with the processing of his/her personal data.

For Romania : National Authority for the Supervision of Personal Data Processing, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania,  Fax: +40.318.059.602, Email: anspdcp@dataprotection.ro.

The right to address the relevant court – the data subject has the right to address the relevant courts if he/she is unhappy with the processing of his or her personal data.

The right to withdraw one’s consent – consent withdrawal does not affect the legality of a processing operation performed based on such consent before it was withdrawn or of a processing operation performed on another basis (i.e. the legitimate interest).

13. COOKIES AND OTHER SIMILAR TECHNOLOGIES

See our Cookies Policy here to learn how to manage your cookie settings and detailed information about the cookies we use and the purposes we use them for.

14. PERSONAL DATA TRANSFER TO THIRD COUNTRIES

Keeping and processing your personal data as described above may require the transfer of your personal data and / or storage to a destination outside your country of residence to countries within the European Union („EU”) or the European Economic Area („EEA”) (such as, for example, service providers).

Before doing so, we will take the necessary steps to ensure that your personal data will benefit from adequate protection, in accordance with the relevant privacy laws and internal policies of RED.

Your data may be transferred outside the EEA / EU, mainly due to the location of our subcontractors. In order to provide you with a quality service, we have decided to outsource certain operations to specialized service providers who have a relevant experience in their areas (for example: IT hosting). Some of these providers are established outside the EEA / EU, for example in the United States (”US”).

RED implements appropriate security and compliance measures, as the case may be, to ensure that your personal data are duly protected and that your rights are respected, such as: ensuring an adequacy decision is in place for that country or signing standard contractual clauses. Moreover, recipients of your personal data are obliged to ensure confidentiality in a legally binding manner. For more information about these measures and your rights, please contact us at the contact coordinates in Section ‎2 above.

In limited situations, your personal data may also be stored and processed in countries outside the EU / EEA for one of the following reasons, in accordance with article 49 of GDPR: (i) you have expressed your consent to the transfer of data; (ii) the transfer is necessary for the execution of a contract between you and the controller; (iii) the transfer is necessary to conclude a contract or to execute a contract in your interest; (iv) the transfer is important on public interest grounds; (v) the transfer is necessary for the establishment, exercise or defense of a court law; (vi) the transfer is necessary to protect your vital interests or other persons when you are physically or legally incapable to express your consent; (vii) the transfer is made from a register that aims to provide information to the public.

15. MISCELLANEOUS

It is important for you to play a role in maintaining the security of your personal data. When logging in to an online account, please make sure you choose an account password that will be difficult to guess by others, and you will not pass your password to any other person. You are responsible for maintaining the confidentiality of this password and for any use of your account. If you are using a multi-user or a public computer, never choose the option to store the login / e-mail address or password. Please log out of your account every time you leave your computer.

Our site may contain links from time to time, to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible and cannot be held responsible for these policies. Please check these policies before submitting personal data to these websites or contracting the services offered by our partners. 

We also can offer you the ability to connect through social networking sites. If you do so, please be aware that you will share your profile information according to the settings of your social media platform. Go to the relevant social platform and review its privacy policy to understand how your personal data is shared and used in this context.

16. CHANGES TO THIS POLICY

If we make changes to the way we handle your personal information, we will update this Privacy Policy. We reserve the right to make changes to our practices and policies at any time. Please check our site regularly to see any updates or changes to our Privacy Policy.