Privacy Policy

Through this Privacy Policy (the "Policy"), Nano Energies (also referred to as "Nano Energies" or "we") informs its customers and employees of its business partners what personal data it processes, how it processes it and for what purpose. The policy also includes information on the rights of data subjects in relation to the processing of their personal data and how to exercise them. Unless otherwise stated below, each member of Nano Energies processes the personal data of its customers and the employees of its business partners in the capacity of a data controller.

Nano Energies a.s,
ID No: 28392191, with registered office at Národní 135/14, 110 00 Prague 1

Nano Green s.r.o,
ID No.: 02406233, with registered office at Národní 135/14, 110 00 Prague 1

Digital Energy Services s.r.o.,
registration number: 28188861, with registered office at Národní 135/14, 110 00 Prague 1

DES Holding a.s.
ID No: 11899913, with registered office at Národní 135/14, 110 00 Praha 1

Nano Energies Hrvatska d.o.o.
ID: OIB 081387929; VAT number: HR87165314175, with registered office at HR-10000 Zagreb, Puževa ulica 11, Croatia

Nano Energies Magyarország kft.
ID: 11-09-029271, with registered office at Kelemen L. utca 1, Komárom. 2900, Hungary

Digital Energy Services Romania S.R.L.
Sole registration number: 46079860, with registered office at Bucureşti Sectorul 1, Strada TIPOGRAFILOR, No. 11-15, PARTER, CAMERA NR.3

Nano Energies Slovensko s.r.o.
ID No.: 53 412 982, with registered office at Mlynské nivy 48, 821 09 Bratislava - Staré Mesto, Slovakia

Contacts for more information on the processing of personal data and for exercising the rights of the data subject

Telephone: 226 257 257

E-mail: dataprivacy@nanoenergies.eu

Nano Energies has not appointed a data protection officer.

GDPR:

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data:

Personal data means any information relating to an identified or identifiable natural person ("data subject").

Special Category Personal Data:

Special category personal data means data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning the health or sex life or sexual orientation of a natural person.

Data subject:

A data subject is an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The categories of data subjects whose data we process are set out in Article 4 of the Principles.

Processing of personal data:

Processing of personal data means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.

Controller:

The controller of personal data is the natural or legal person, public authority, agency or other entity which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, that law may determine the controller in question or the specific criteria for its designation; unless otherwise specified below in this Policy, the controller of your personal data is the member of Nano Energies with whom you are a customer or with whom you interact in the course of your employment or business.

Processor:

A processor is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of a controller.Nano Energies uses contractors who are processors of personal data for some processing operations. A list of these is set out in Article 6 of the Policy.

Supervisory Authority:

The supervisory authority for the processing of personal data in the Czech Republic is the Office for Personal Data Protection ("OPPD").

In particular, we process the following categories of your personal data.

a) Identification data (name, surname, address, date of birth, birth number, identity card number)

b) Contact data (e-mail, telephone number)

c) Descriptive data (professional position and classification with the business partner)

d) Accounting data (information on mutual claims, payment data)

e) Data about services and products provided or requested, including transaction data and mutual claims

f) Customer preferences and needs

g) Records of our communications (telephone calls, electronic communications)

h) Network identifiers and other information relating to electronic communications

i) Information from cookies and similar online tools

In particular, we process personal data relating to the following categories of data subjects

a) Our customers (electricity/gas customers and suppliers) and their agents.

b) Our prospective customers and their agents

c) Employees, business partners and their employees

In this section you will find information about the purposes for which we process your personal data, our legal basis for doing so, to whom the processing relates and how long we keep the data for each purpose.

We may also share your personal information with other organisations. These include:

a) Our business partners whose products we distribute or offer, distributors, market operators and regulatory authorities.

b) Data processors. This term refers to suppliers who carry out certain processing operations on our behalf, always under our instructions and with a sufficient level of protection of your rights.

Our data processors primarily include:

• HubSpot, Inc., which operates the online tool for recording communications with our customers (CRM).

• Google, from whom we use marketing, service and analysis tools, in particular Google Ads, Google Console and Google Analytics.

• MailChimp, the operator for the creation, management and sending of electronic communications

• Semrush, operator of analytical tools

• KARAT Software a.s., which operates the system we use to manage our finances

• Atlassian, which operates systems for internal communications that may contain personal data

• Microsoft, from whom we use standard office tools (Word, Office, Outlook, Excel, etc.)

• D3Soft Future, s.r.o., which operates an information system for customer service and communication.

c) Data sharing within the Nano Energies Group.

We provide certain activities, services or processes in a uniform manner within the Nano Energies Group. The group member responsible for these activities and providing them to others is in the position of a data processor. The group member on whose behalf the processing is carried out remains the data controller of its customers' data and is fully responsible to them for the processing.

• Joint system for the transmission of business contacts
DES Holding a.s. operates a common system for collecting enquiries and business contacts (leads) on the website and forwarding them to other members of the Nano Energies Group.

• Management of CRM tool for customer communication
DES Holding a.s. operates a common CRM tool for the entire Nano Energies group. Each member of the group manages and records its customers and their contact and other personal data in the CRM tool.

d) Public authorities, courts and other bodies, if the provision of personal data to us is expressly required by the applicable law.

We use cookies and similar tools when you visit Nano Energies websites. Cookies are small files that we store or retrieve from the web browsers of visitors to our website.

Cookies help us to provide users with the services they request (e.g., to complete and submit an online form, to remember language selection or site resolution, etc.), to determine whether the site and all of its components are functioning properly, to ensure the security of our communications, and to display more targeted marketing offers.

We use cookies to ensure the proper functioning and behaviour of the website, to provide the service or functionality you have requested, and to ensure secure communications, even without your consent. You can disable the use of these cookies in your internet browser, but in this case we cannot guarantee the correct functioning of our website.

We use cookies and similar tools from Google, Meta and Hotjar to evaluate the functioning of our website, to obtain statistical data and to better target marketing communications in the internet environment. This use of cookies and the further processing of personal data obtained from them is only possible with your explicit consent, which you can give when you visit our website via the so-called cookie bar. Consent is voluntary and failure to give or later withdrawal of consent will not affect the availability or functioning of the website or our products and services.

You can find out more about how these tools work at https://www.google.com/policies/privacy/, https://www.facebook.com/about/privacy/ and https://www.hotjar.com/privacy/.

The processing of personal data at Nano Energies does not involve automated individual decision-making or profiling.

Automated individual decision-making and profiling is generally understood to mean any form of processing of personal data consisting of using such data to evaluate certain personal aspects relating to the data subject, in particular for the purpose of analysing, estimating, evaluating or predicting aspects relating to the data subject's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Nano Energies does not carry out any such automated processing with legal implications for the data subject.

Right of access to personal data

You have the right to request us to provide you with access to personal data relating to you.

personal data relating to you. In particular, you have the right to obtain confirmation from us as to whether or not we are processing personal data relating to you, as well as further information about the data processed and the method of processing within the meaning of the relevant provisions of the GDPR (purpose of processing, category of personal data concerned, recipients, intended storage period, existence of the right to rectification, erasure, restriction of processing or the right to object, source of personal data and the right to lodge a complaint). Upon request, we will provide you with a copy of the personal data we hold about you free of charge. In the event of a repeated request, we may charge you a reasonable fee for providing a copy that is commensurate with the administrative costs of processing the request.

To request access to your personal data, please use the contact details set out in this policy.

Right to withdraw consent to the processing of personal data where the processing is based on consent

You have the right to withdraw your consent to the processing of personal data that we process on the basis of that consent at any time.

You may withdraw your consent by contacting us as set out in this policy or by following the procedure set out in the footer of the email containing the commercial communication.

Right to rectify personal data

If you discover that any of the personal data we hold about you is inaccurate, you may request that we correct it without undue delay. You may also request that we complete the information we hold about you if this is reasonable in the particular circumstances of the case.

You can request the correction of the data by contacting us using the contact details set out in this policy.

Right to erasure of personal data

You have the right to request that we delete the personal data we process about you without undue delay in the following cases

• You withdraw your consent to the processing of personal data and there is no other legitimate reason for us to continue processing the data that overrides your right to erasure;

• You object to the processing of your personal data (see below);

• Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it;

• the personal data has been processed unlawfully;

• the personal data was collected in connection with the provision of information society services to a person under the age of 18;

• the personal data must be erased in order to comply with a legal obligation under Union law or Czech law to which we are subject.

In these cases, you may request deletion by contacting us using the contact information provided in this policy.

Please note that the right to erasure of personal data is not absolute and does not apply in all cases. Therefore, we may not be able to comply with your request to erase personal data, particularly in situations where the processing of personal data is necessary:

Exercise the right to freedom of expression and information;

• to comply with our legal obligations;

• for reasons of public interest relating to public health;

• for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, where erasure of the data would be likely to prevent or seriously jeopardise the achievement of the purposes of the processing;

• for the establishment, exercise or defence of legal claims.

Right to restrict the processing of personal data

• You have the right to have us restrict the processing of your personal data where

• You dispute the accuracy of the personal data. In this case, the restriction will apply for the time necessary for us to verify the accuracy of the personal data.

• The processing is unlawful and you refuse to delete the personal data and instead request a restriction on its use.

• We no longer need your personal data for the purposes for which we processed it, but you need it for the establishment, exercise or defence of legal claims;

• You object to the processing (see below). In this case, the restriction will apply for a period of time until it is verified that our legitimate grounds outweigh your legitimate grounds.

During the period of restriction, we may process your personal data (except for storage) only with your consent or for the establishment, exercise or defence of our legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. As stated above, you may request a restriction on processing by contacting us using the contact details set out in this policy.

Right to object to processing

You have the right to object to the processing of your personal data in the following cases

Where personal data is processed on the grounds that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or for the purposes of our legitimate interests, and you object to the processing, we may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of our legal claims.

If personal data is processed for direct marketing purposes and you object to the processing, we will no longer process the personal data for those purposes.

If your personal data is processed for scientific, historical research or statistical purposes, we will no longer process it unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You may object to this by using the contact details provided in this policy.

Right to data portability

Where we process your personal data on the basis of your consent or because it is necessary for the performance of a contract between us, you have the right to obtain from us the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and to have that data transferred to another controller or to request that we provide that data directly to another controller where technically possible. To obtain your personal data, please contact us using the contact details set out in this policy.

Right to complain to a supervisory authority

If you believe that the processing of your personal data is in breach of the obligations set out in the GDPR, you have the right to lodge a complaint with the data protection supervisory authority in your place of residence. The supervisory authority in the Czech Republic is the Office for the Protection of Personal Data.

Data Protection Authority

Pplk. Sochora 27

170 00 Prague 7

Telephone: 234 665 111

E-mail: posta@uoou.cz Mailbox: qkbaa2n

www.uoou.cz

In accordance with the legislation referred to in Article 5 of the Policy, you are required to provide us with identification and other necessary information if we are to enter into a contract with you. If you do not provide personal data, we will not be able to enter into a contract with you.

The privacy policy is valid from 31.8.2023.

We may update this policy, e.g. when we modify the services provided, changes in the Nano Energies Group, due to legislative developments, etc. It is therefore in your own interest to familiarise yourself with the current version on a regular basis.