PRIVACY POLICY

Last Updated and Effective April 27, 2023

INTRODUCTION

This Product or Service is operated by Emporia Corp (“Emporia,” “us,” “our,” or “we”). This Privacy Policy (“Privacy Policy”) explains how we collect, process, and share your Personal Data (defined below)when you use our Products and Services. We also describe your rights and choices with respect to your Personal Data and other important information. Please read this Privacy Policy carefully before using our Services and/or providing us with your Personal Data. You can download a copy of this Privacy Policy by clicking here.

TABLE OF CONTENTS

SCOPE OF THIS POLICY

This Privacy Policy applies to Personal Data collected through Emporia’s hardware and devices, e.g. our chargers, smart plugs, batteries, and energy monitors (“Products”), and our “Services” that link to/post this Privacy Policy, which include:

  • the Emporia corporate website at emporiaenergy.com (including any subdomains or mobile versions, the “Website(s)”);
  • our web and mobile applications (“Apps”) and web portals (collectively, our “Platform”);
  • and our support services (“Support”).

This Privacy Policy applies only to Emporia, our Products, and the Services that Emporia provides to you. We may partner or integrate with programs or services (“Third-Party Integrations”), for example:

  • “Utility Integrations” – Programs, devices, or services provided by or in partnership with your electric utility (“Utility”); or
  • “Provider Integrations” – Programs, devices, or services provided by or in partnership with third-party hardware or service providers (“Third-Party Provider(s)”).Note, Emporia engages with numerous Third-Party Providers, and these Third-Party Providers may include, for example, third-party technology platforms, as well as managed service providers or installers that use Emporia products or services.

Where you participate in a Third-Party Integration, we may receive data from a Utility or Third-Party Provider (“Inbound Integration”), or the Utility or Third-Party may receive or have access to data collected through our Products and Services (“Outbound Integration”). In each case, your data may be subject to separate third-party privacy policies, and you may have additional or different rights in your data when processed by those parties. The processing of your Personal Data by Utilities and Third-Party Providers is outside the scope of this Privacy Policy, and is not under the control of Emporia.

Similarly, this Policy does not apply to, and we are not responsible for, Personal Data processed by other third parties, for example, when you visit a third-party website or service, unless and until we receive your Personal Data from those parties or request that such third-party process Personal Data on our behalf. Any processing of Personal Data not done at the direction or on behalf of Emporia is outside the scope of this Privacy Policy.

WHO WE ARE

The “Business” or “Controller” processing your Personal Data subject to this Privacy Policy is Emporia Corp. Utilities and Third-Party Providers are separate Businesses/Controllers.

If you have any comments or questions about this Privacy Policy or Emporia’s privacy practices, or to exercise your rights as described below, please contact us at:

General Inquiries: info@emporiaenergy.com

Data Rights Inquiries: You may submit a rights request by emailing us at RightsRequests@emporiaenergy.com.

CATEGORIES AND SOURCES OF PERSONAL DATA

WHAT IS PERSONAL DATA?

“Personal Data” refers to data that relates, or that is linked or linkable, to an identified or identifiable individual or household. Personal Data includes data that directly identifies you — such as your name —as well as data that does not directly identify you, but that can reasonably be used to identify you — such as the serial number of your device.

Categories of Personal Data We Process

The categories of Personal Data we collect and use include are as follows (specific data elements are examples that may be subject to change):

Identity Data– Information such as:

  • your name, unique identifiers, username;
  • address, email address, telephone number, account handle (“Contact Data”); or
  • account login details.

Device Data –Information about connected devices/hardware, our Products, and devices that access our Services (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers, user ID, user-defined devices/locations, or device characteristics) and their usage (e.g. information such as session time, session length, usage history, metadata regarding date/time/power used)or other data similarly related to your use of electronic networks, and connected devices/hardware.

Commercial Data –Information such as details of Products you purchase/install, the Services you receive, and other purchasing or consuming histories or tendencies.

Power Data –Information relating to electrical storage, generation, utilization, metering, and consumption.

Inference Data –Information relating to inferred preferences and trends, such as the Products, Services or devices, you use, power generation/utilization trends and related analytics, and (in the case of our marketing operations) inferred demographics or interests.

User Content –Information such as unstructured/free-form data that may include any category of Personal Data, e.g. data provided in free text fields such as messages, comments, forms, or responses.

Payment Data – Payment card information. Note that Payment Data may be considered “sensitive personal information” or “sensitive personal data” under applicable law.

Sources of Personal Data we Process

We collect Personal Data from various sources, which vary depending on the context in which we process that Personal Data:

From you - You may provide us with Personal Data when you make a purchase, register for an account on our Platform, contact us, connect our Products, enter information into our Apps, initiate Inbound Integrations, or otherwise submit or grant us access to information.

Automatic collection - We automatically collect, store, and use technical information about your device and hardware that interacts with our Products or Services interaction when you visit our Website or use our Apps. For example, this data may be collected passively using cookies, scripts running in your browser, or other automated technologies.

Personal Data we create or receive from third parties - We may receive Personal Data from service providers that provide Products and Services on our behalf, e.g. through cookies and similar technologies. We may also receive Personal Data from Third-Party Partners that use our Services on your behalf.

Data that we create or infer - We may create Inference Data using other Personal Data we process, or generate Aggregate Data relating to certain trends, habits or other analytics.

CONTEXTS FOR COLLECTING AND PROCESSING PERSONAL DATA / NOTICES AT COLLECTION

Our use of Personal Data depends on who you are and how you interact with us. When you use our Products and Services, we process Personal Data in specific contexts and for certain specified purposes, as well as for our general Business Purposes. Residents of certain jurisdictions may be entitled to additional notices under applicable law; see the “Supplemental Privacy Rights and Notices” section below for more information.

Our Products

We collect certain Personal Data when you install and use our Products. For example, we may process Identity Data, Power Data, and Device Data from the Product you are using, or other devices connected/integrated with our Products. We may also create Inference Data derived from the data collected through your use of our Products. For example, we may analyze Device Data and Power Data to determine power consumption patterns, anomalies, and trends, and make suggestions regarding power utilization, or enable certain Product or power management features. If you register or associate your Emporia device with our Platform, we will collect and process additional Identity Data, Device Data, and Commercial Data as appropriate to process your registration and associate Products with your User Account.

We generally use this Personal Data as in order to provide our Products and Services, to integrate Products with your User Account and our Platform, or (subject to any necessary consents) for certain telemetry, bug fixing, crash reporting, and similar logs and metrics relating to the performance and operation of the Service or Product. We may also push or make available updates to our Products.

We may also process Personal Data collected via our products and software for our other Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Emporia Shop

We generally process Identity Data, Payment Data, Device Data (relating to your device), and Commercial Data when you engage in a purchase transaction. Our shop may allow you to pay using third-party payment or ordering/fulfillment providers (such as Venmo, PayPal or Amazon). If you use a third-party payment processor or ecommerce platform where you have an account, your Personal Data will be processed by the third-party as set forth in the third-party’s privacy policy. We may receive your Identity Data and Commercial Data from that third-party, in which case, that Personal Data will be processed as set forth in this Privacy Policy. Payment transactions made directly through our shop will be processed via our payment services provider on our behalf.

We process Personal Data in this context as necessary to perform or initiate a contract with you, process your order and payment, and carry out fulfillment and delivery. In addition, we may also collect or create Device Data (relating to the Product purchased) and Inference Data in connection with your transaction. Where permitted by law, we use the Identity Data, and Contact Data collected from your purchase to provide you with information regarding the Products you purchased, and we may send you marketing communications (subject to your consent where required by law) as described further below.

In some cases, if your purchase is made through a supplier, or in connection with a Third-Party Integration, then we may share certain Identity Data, Device Data (relating to our Product) and other Commercial Data with the Utility or Third-Party Provider participating in the Third-Party Integration or otherwise managing the purchase or installation of the Product/Service on your behalf.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Platform and User Accounts

When a User account is created on our Platform (“User Account”), we process Identity Data, Device Data, and Contact Data. We also allow for the creation of master customer accounts that relating to an end customer (“Customer Accounts”), and partner accounts for Third-Party Providers that are granted access to Customer Accounts as part of a Third-Party Integration (“Partner Accounts”). See the “Third-Party Integrations” section below for information relating to data shared between Customer Accounts with Partner Accounts.

When our Products, or other devices, hardware, or services (e.g. via a Third-Party Integration) are associated with a Customer Account, we will collect and link to the Customer Account additional Device/Network Data relating to the connected hardware (including our Products), as well as relevant Power Data, and we may generate Inference Data (such as power generation and usage trends, hardware consumption analytics, etc.)

We process Personal Data in relation to User Accounts and associated information primarily to create, maintain, and provide you with information about your User Account, provide the Platform, deliver the features, functionality, and any other Services you request, and provide you with information about the Products associated with your User Account.

When you create a User Account, we will use the Identity Data, Commercial Data, and Contact Data as necessary to provide you with information regarding your User Account, our Service, and connected Products. Subject to your consent where required by law, we may also use this information (together with Inference Data) to send you marketing communications as described further below.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Please note – Customer Accounts may be created by you, or in some cases, may be made by Third-Party Providers managing your Customer Account on your behalf. Further, certain Outbound Integrations may authorize sharing of data automatically, or using Partner Accounts. See below for more information.

Third-Party Integrations

We collect Identity Data, Power Data, Device Data, and we may generate Inference Data, when you initiate Inbound Integrations. Similarly, we may share Identity Data, Power Data, and Device Data when you initiate Outbound Integrations.

If you initiate or authorize an Outbound Integration, you direct us to share certain data with the relevant Utility or Third-Party Provider. As part of certain Outbound Integrations, designated Third-Party Providers may access our Portal to accessor retrieve your Personal Data through a Partner Account, or we may share this information automatically (e.g. via API). Utilities and Third-Party Providers may use your Personal Data for additional purposes, and may have supplemental privacy notices that apply to data collected or processed through our Services. In some cases, Utility Integrations may allow for Utilities to manage your electrical systems or devices based on the information shared. Please contact these third parties for additional information regarding their privacy practices.

We generally process Personal Data in relation to Third-Party Integrations as necessary to connect with the Utility or Third-Party Provider to provide or enable specific features or functions provided or enabled by the Utility or Third-Party Provider. For example, we may receive information from third-party products or services through integration with technology partners to allow you to manage additional devices through our platform, or enable and manage in Distributed Energy Resource Management System (DERMS) tools, or other demand/load/time of day-functionality enabled, supported, or integrated with the Utility or Third-Party Provider.

Generally, when a customer authorizes an Outbound Integration via a Partner Account, we may grant the Third-Party Partner access to certain Identity Data, Device Data, Power Data, and Inference Data related to the Customer Account. We do not grant Partner Accounts access to Identity Data other than user-generated channel names. Similarly, we may limit the granularity of Power Data available to Third-Party Vendors. Utilities generally can see only Power Data at the resolution specified by the Utility. Third-Party Integration terms may permit or require the sharing of additional Personal Data, so please review any Third-Party Integration terms to which you agree; these terms will control to the extent in conflict with this section.

We may use this Personal Data, and the Contact Data you provide, to contact you about the Third-Party Integration and related support or transactional communications. Subject to your consent where required by law, we may also use this information (together with Inference Data) to send you marketing communications, as described further below.

We may also use Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Our Apps and Websites

Generally

When you use our Apps and Websites, we automatically collect and process Identity Data and Device Data. We use this data as necessary to provide the service you request, initiate or fulfill your requests for certain features or functions through our Apps and Websites, such as keeping you logged in, delivering pages, etc. In addition to Device Data, we may also collect and process certain Inference Data (including through the use of cookies and similar technologies), such as information relating to Website stability and navigation patterns.

We process Personal Data collected from our Apps and Websites as necessary to ensure the security of our Apps and Websites and other technology systems, to prevent fraud, and otherwise analyze the use of our Apps and Websites, to help us develop new features, products, or service, or make improvements to the performance, usability, or market ability of our Apps and Websites.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Cookies and other tracking technologies

We use cookies and similar technologies (such as scripts or web tokens) on our Apps and Websites. These technologies may be used to collect or create Device Data relating to the device you used to access our Apps/Website, certain Identity Data (e.g. device identifiers), or Inference Data. Third parties may be allowed to view, edit, or set their own cookies or place web beacons on our Apps and Websites on our behalf.

Cookies and similar technologies allow us and third parties to distinguish you from other users of our Apps and Websites, and understand additional information regarding how the performance and use of our Apps and Websites. Specifically, we and authorized third parties may use cookies and similar technologies for the following purposes:

  • for “essential” or “functional” purposes, such as to maintain User sessions, to deliver content, for security functions, and enable certain features of our Apps and Websites;
  • for “analytics” purposes, such as to analyze the traffic to and usage of our Apps and Websites (for example, how many people have looked at a page, how visitors navigate our Apps and Websites, what website they visited prior to using our Apps and Websites, and use this data to understand user behaviors and improve the design and functionality of our Products and Services); and
  • For “Advertising” purposes - These cookies and similar technologies enable “retargeting” and other forms of contextual or direct advertising by our service providers. We do not engage in cross-context behavioral advertising.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Please note – Certain third parties may be able to identify you across sites and service using cookies and similar tracking technologies. The use of third-party technologies may be subject to the privacy policies of that third-party.

Marketing communications

We may send you automated marketing and promotional messages via email, SMS, or (if you use our App) via push notification. We may process Identity Data, Device Data, Inference Data, and Commercial Data to send and customize these messages. You may receive these messages if you are a registered user (subject to your consent where required by law), or if you consent to such communications. We may also send you these communications if you contact us. We may also collect Device Data and Contact Data so that we can determine whether you have opened or forwarded an email or interacted with our communications.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

When you contact us or request Support

When you contact us (e.g. as part of a contact us form, online chat, or Support request) we may collect and process Identity Data, including the Contact Data you provide, Device Data, and any Audio/Visual data or User Content you provide. We use this Personal Data as necessary to address your request, fulfill the purpose for which that information was provided, or for other related purposes, including but not limited to communicating with you about our Service or Emporia. Additionally where you consent, or if otherwise permitted by law, we may send you marketing communications as described above.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Feedback and surveys

We may process Identity Data, Contact Data, Inference Data, and User Content collected in connection with user surveys or questionnaires. We generally process this Personal Data as necessary to respond to user requests/feedback, and create aggregate analytics regarding user opinion or satisfaction. We may store and analyze feedback for our purposes, for example, to personalize the Products and Services, or to improve our Products and Services.

We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

Warranty, Returns, and Repairs

If you have a warranty claim regarding a Product you purchased, or if you submit a product for return/repair, we may collect additional Device Data, as well as Identity Data and Contact Data in connection with the submission and processing of such claim. If you are entitled to refund, we may collect Payment Data in order to process the refund transaction. We may also process Personal Data collected in this context for our Business Purposes. We do not sell or share (as share is defined in CCPA) Personal Data collected in this context. See below for information regarding how long we retain Personal Data.

BUSINESS PURPOSES OF PROCESSING PERSONAL DATA

In addition to the specific processing purposes set out above, we and our service providers process Personal Data as necessary for certain legitimate interests/business purposes, as described below (“Business Purposes”):

Service Provision and Contractual Obligations

We process any Personal Data as is necessary to provide our Products and Services, to fulfill orders, to process requests, to authenticate users, and as otherwise necessary to fulfill our contractual obligations to you. Additionally, we may use Personal Data as necessary to audit compliance, and log or measure aspects of service delivery (e.g. to document ad impressions).

Internal Processing and Service Improvement

We may use Personal Data for analyzing and improving our Products and Services, to develop new features or functionality, understanding how our Products and Services are used, for customer service purposes, in connection with logs and metadata relating to service use, and for debugging, and similar purposes.

Security and Incident Detection

We may process Personal Data to improve the security of our Products and Services, to identify and prevent crime, and prevent fraud. We may analyze network traffic, device and activity patterns and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security and anti-fraud activities.    

Compliance, Safety, and Public Interest

We may also process any Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law and make requests, for the establishment and defense of legal claims, or where we must comply with our legal obligations, lawful requests from competent government or law enforcement officials, and as may be required to meet legal or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law. See the “Lawful Recipients” section below for more information

Aggregated/Anonymized data

We process Personal Data about our Products, users and Services in order to identify trends, such as to create aggregated or anonymized data about performance, use, stability, defects, and other similar information (“Aggregated Data”). We may also retain and use this information in connection with the development of our Products and Services. We may pass Aggregated Data to certain third parties to give them a better understanding of our business and to improve our Products and Services. Aggregated Data will not contain information from which you may be personally identified.

Personalization

We may personalize or customize aspects of the Products and Services based on your interactions with our content, and other Personal Data we process. For example, we may tailor our marketing communications to your location, user profile, the Emporia Products you own, your activity on our Products and Services, and your preferences. Similarly, we may adapt our Services and User Account to you and your preferences. For example, we may adapt our Platform to show you the Products you use and interact with the most, or the features and functionality you prefer.

Corporate Events

Any Personal Data may be processed in connection with our corporate activities (e.g. accounting, sales forecasting, investor matters) or in the event we go through business transition, such as a merger, acquisition, liquidation, sale of all or a portion of our assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

SHARING/DISCLOSURE OF PERSONAL DATA

Personal Data we collect may be disclosed to or made available to a variety of parties, depending upon the purpose for and context in which that information was provided. We generally disclose Personal Data to the parties and in the contexts described below.

Third-Party Integrations

We share Personal Data with relevant Utilities and Third-Party Providers if you elect to participate in Outbound Integrations. Specific Personal Data shared may vary based on the Third-Party Integration. See the “Third-Party Integration Section” for information relating to the specific nature of data shared as part of Third-Party Integrations.

Please note: Utilities and Third-Party Providers are independent from Emporia, and have their own privacy policies that govern the Personal Data they receive via Third-Party Integrations. These parties may disclose Personal Data for additional purposes and to additional third parties. Please review any supplemental privacy notices that apply to data processed by Utilities and Third-Party Providers in order to understand how these parties may disclose Personal Data.

Service Providers

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with processors, service providers, or sub processors who provide Products and Services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Websites or Apps, or we may disclose Personal Data as part of our own internal operations, such as security operations, internal research, and other Business Purposes.

Successors

Any Personal Data may be disclosed in the event that we go through a business transition, such as a merger, acquisition, liquidation, sale of all or a portion of our assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Corporate Affiliates

In order to streamline certain business operations and develop products and Products and Services that better meet the interests and needs of our users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, investors and/or parent companies.

Lawful Recipients

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other Personal Data that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime (including in connection with law enforcement, child welfare, or other legal investigations), to investigate violations of our Terms of Use, or when in the vital interests of us or any person.

We may also disclose any Personal Data on relevant public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, for public health and other matters in the public interest.

Other Disclosures

We may disclose any Personal Data in accordance with your consent or requests to disclose data to third parties.

YOUR RIGHTS AND CHOICES

You may have certain rights and choices regarding the Personal Data we process. Please note these rights may vary based on the country or state where you reside, and our obligations under applicable law. Residents of certain jurisdictions may have additional rights under applicable law; see the “Supplemental Privacy Rights and Notices” sections below for more information.

Your Rights

Generally

You may have certain rights and choices regarding the Personal Data we process. Please note these rights may vary based on the country or state where you reside, and our obligations under applicable law. Specific rights and disclosures are described in the “Supplemental Privacy Rights and Notices” sections below. To exercise your rights under applicable law, you may submit a request by emailing us at RightsRequests@emporiaenergy.com.

Rights Request Verification

All rights requests we receive directly must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. There may be situations where we cannot grant your request, e.g. if we are legally obligated to keep Personal Data to comply with applicable law. We may also decline to grant a request where our interests in the continued processing of Personal Data outweighs individual privacy concerns, e.g. in relation to anti-fraud and security purposes, or a request for deletion of an account that is being investigated for security concerns. We may also deny your privacy request if it jeopardizes the privacy of others, is frivolous or vexatious, or as otherwise provided under applicable law.

Your Choices

Marketing Communications

You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email, following any opt-out instructions in the communication. In some cases, you may be able to opt-out by emailing us at RightsRequests@emporiaenergy.com.

Withdrawing Your Consent/Opt-Out

Where we are processing your Personal Data based on your consent (for example, as part of a Third-Party Integration or marketing communications), you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot maintain certain Products or perform certain Services for you.

Please note – if you have consented to certain Third-Party Integrations, you may be required to initiate or complete your withdrawal of consent through your Utility or Third-Party Provider. Please review the terms Third-Party Integration for additional detail.

Do-Not-Track

Our Products and Services do not respond to your browser’s do-not-track request.

Cookies and Similar Technology

If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. Some devices allow you to control this through your device settings. You must opt out of third-party Products and Services directly via the third-party. For example, to opt-out of please see the Google Analytics Terms of Use, the Google Policy, and Google Analytics Opt-out. Disabling cookies and similar technologies may cause the Service to not function properly and certain features, functionality or Products and Services may not be available.

DATA RETENTION

As a general matter, we retain Personal Data for so long as it, in our discretion, is necessary to achieve the processing purposes described in this Privacy Policy, and in any event, for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):

  • Retention periods established under applicable law;
  • Industry best practices;
  • Whether the purpose of processing is reasonably likely to justify further processing;
  • Risks to individual privacy in continued processing;
  • Applicable data protection impact assessments;
  • IT systems design considerations/limitations; and
  • The costs associated with continued processing, retention, and deletion.

We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods.

DATA SECURITY

We implement and maintain reasonable security measures to secure your Personal Data from unauthorized access. While we endeavor to protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.  In the unlikely event of a security breach that affects your personal data, Emporia will notify you  if required under applicable laws.

INTERNATIONAL TRANSFERS

If you are located outside the US, your Personal Data may be transferred to and/or processed in the United States, or other locations where we or our Sub processors process Personal Data. For example, Personal Data maybe processed by staff operating in the United States engaged in, among other things, the provision of our Products and Services to you, the processing of transactions and/or the provision of support Products and Services.

MINORS

We do not knowingly collect Personal Data from an individual under age 18, and have no actual knowledge of collecting Personal Data from minors under 18. If you are under the age of 18,please do not submit any Personal Data through our Products and Services. If you have reason to believe that we may have accidentally received Personal Data from an individual under age 18, please contact us.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to change our Privacy Policy from time to time. Any such changes will be posted on this page, and you will be notified if required under applicable laws. Your continued use of our Products and Services constitutes your acceptance of any revised Privacy Policy.

ADDITIONAL RIGHTS AND DISCLOSURES: UNITED STATES

Rights under US State Laws

Under the California Consumer Privacy Act (“CCPA”) and other US state laws, you may have the following rights, subject to your submission of an appropriately verified request. Please note – These rights may be available only to certain individuals, and we may verify eligibility in connection with your exercise of any rights under applicable US state laws.

Right to Know/Confirm

You may have the right to confirm whether we process your Personal Data

Right to Know/Access; Portability

You may have the right to request any of following: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

You may also request that we share this data with you in a common, portable format of our choice, subject to certain limitations under applicable law.

Please note –We may be prohibited under applicable law from sharing certain specific pieces of Sensitive Data in response to a right to know/access request. In such cases, we will provide information relating to the category of Sensitive Data.

Right to Correct

You may have the right to request that we correct Personal Data that you believe to be inaccurate.

Right to Delete

You may have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.

Right to Non-Discrimination

California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.

Direct Marketing

California residents may have the right to request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year (if any).

Submission of Requests

You may submit requests by emailing us at RightsRequests@emporiaenergy.com.

Verification of Requests

All rights requests must be verified. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Please note – we may request additional information, depending on the sensitivity of data you request.

Supplemental Privacy Notices

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we may disclose to third parties, certain categories of Personal Data for “business purposes,” as specified below. See the “Business Purpose of Processing” section above for more information regarding these purposes.

Data Category
Business Purpose Recipients
Identity Data
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
Device Data
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
Power Data
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
Commercial Data
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
Inference Data
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
User Content
Third Party Integrations; Service Providers; Successors; Affiliates; Lawful Recipients
Payment Data
Service Providers; Successors;  Lawful Recipients

Categories of Personal Data Sold

We do not “sell” your Personal Data, and have not done so      since the inception of Emporia Corp. We do not have actual knowledge that we have sold or shared the Personal Data of any person 16 or under. 

Sensitive Data

To the extent Payment Data considered “sensitive personal information” under CCPA, we collect, use and disclose such data only to process your transactions and for the Business Purposes authorized under applicable law.

ADDITIONAL RIGHTS AND DISCLOSURES: EU/EEA/SWITZERLAND

Legal Bases for Processing Your Information (For Users in EEA/UK/Switzerland)

Legal Basis
Description of Basis & Relevant Purposes
Relevant Contexts / Purposes / Disclosures
Performance of a contract
The processing of your Personal Data may be necessary to perform the agreement you have with us to provide products and Products and Services, e.g. to open and maintain your user accounts, to ship a product you have purchased, or process your request. 

Relevant Contexts

  • Our Products (General processing)
  • Emporia Shop (General processing)
  • Platform and User Accounts (General processing)
  • Third Party Integrations (General processing)
  • Our Apps and Websites (General processing)
  • Feedback and surveys (General processing)
  • Warranty, Returns, and Repairs (General processing)
  • When you contact us or request Support (General processing)

Relevant Business Purposes

  • Service Provision and Contractual Obligations

Relevant Disclosures

  • Third Party Integrations
Legitimate interests
We may use your Personal Data as necessary for our legitimate interests. For example, we rely on our legitimate interest to administer, analyze and improve our Websites and related content, to operate our business including through the use of service providers and subcontractors, to send you notifications about our Websites or products you have purchase, for archiving, recordkeeping, statistical and analytical purposes, and to use your Personal Data for administrative, fraud detection, audit, training, security, or legal purposes. See the Business Purposes of Processing section above for more information regarding processing performed on the basis of our legitimate interests.

Relevant Contexts

  • Our Products (Secondary Uses, Business Purposes)
  • Emporia Shop (Secondary Uses, Business Purposes)
  • Platform and User Accounts (Secondary Uses, Business Purposes)
  • Third Party Integrations (Secondary Uses, Business Purposes)
  • Marketing communications (Secondary Uses, Business Purposes)
  • Our Apps and Websites (Secondary Uses, Business Purposes)
  • Feedback and surveys (Secondary Uses, Business Purposes)
  • Warranty, Returns, and Repairs (Secondary Uses, Business Purposes)
  • When you contact us or request Support (Secondary Uses, Business Purposes)

Relevant Business Purposes

  • Internal Processing and Service Improvement
  • Security and Incident Detection
  • Compliance, Safety, and Public Interest
  • Aggregated/Anonymized data
  • Personalization
  • Corporate Events

Relevant Disclosures

  • Service Providers
  • Successors
  • Corporate Affiliates
  • Lawful Recipients
Consent
You are free to withdraw any consent you may have provided, at any time, subject to the Your Rights and Choices section and Legal Bases for Processing Your Information in this Section. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal.

Relevant Contexts

  • Third Party Integrations
  • Marketing communications

Relevant Disclosures

  • Third Party Integrations
Compliance with legal obligations
We may use your Personal Data to comply with legal obligations to which we are subject, including to comply with legal process. See the Business Purposes of Processing section above for more information regarding processing performed for compliance purposes.

Relevant Business Purposes

  • Compliance, Safety, and Public Interest

Relevant Disclosures

  • Lawful Recipients
Performance of a task carried out in the public interest
We may use your Personal Data to perform a task in the public interest or that is in the vital interests of an individual. See the Business Purposes of Processing section above for more information regarding processing performed for such purposes.

Relevant Business Purposes

  • Compliance, Safety, and Public Interest

Relevant Disclosures

  • Lawful Recipients

EEA/UK/Swiss Privacy Rights

Under the GDPR and analogous legislation, you may have the following rights, subject to your submission of an appropriately verified request, as described above in the Your Rights section:

Rights
Details
Access:
You have a right to know what Personal Data we collect, use, disclose, or otherwise process, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law. You may be able to access some of the Personal Data we hold about you directly through the account settings menu.
Rectification:
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided to us using the account settings menu.
Delete:
To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your Personal Data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Data will be erased in connection with your request.
Data Export:
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Objection:
You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests (including any processing specified as such, or processed under this Privacy Policy for a Business Purpose). You may do so by contacting us. Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing cases where our interests in processing are balanced against individuals’ privacy interests.

You may also object to processing for direct marketing purposes. We will cease this processing upon your objection. See the “Your Rights and Choices” section for more information.
Regulator Contact:
You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

International Transfers

We process data in the United States, and other countries where our subprocessors are located. Some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we transfer Personal Data outside the EEA/Switzerland/UK, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include imposing contractual obligations of adequacy, using the EU standard contractual clauses or Binding Corporate Rules, or requiring the recipient to subscribe to or be certified with an ‘international framework’ of protection. You can obtain more information about the safeguards we put in place by contacting us using the information above.