EU-U.S. and Swiss-U.S. Privacy Shield Notice

This Privacy Shield Notice was last revised on July 9th,2018

Urjanet commits to conduct its business according to the EU -U.S. Privacy Shield framework and the Swiss – U.S. Privacy Shield Framework (the “Privacy Shield”) which became effective August 1, 2016 for the EU and January 12, 2017 for Switzerland. The Privacy Shield was developed by the U.S. Department of Commerce (DOC), the European Commission (the “EC”) and the Swiss Administration to provide companies based in the United States (U.S.), the European Union (EU) or Switzerland a mechanism to transfer data on European nationals to the U.S. and provide such European nationals the data protection available in the EU and Switzerland, in order to support transatlantic commerce. The EC and the Swiss Administration deem the Privacy Shield adequate to enable data transfers under EU and Swiss law.

Urjanet complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by DOC regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Urjanet has certified to the DOC that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/welcome.

The following is the Urjanet Privacy Policy as it relates to information about European and Swiss nationals that it obtains from utility companies:

Notice

Urjanet collects information about European and Swiss nationals when such individuals consent to lenders or other entities to permit Urjanet to receive the information directly from their utility providers. The individuals provide their credentials to such entities which is submitted to Urjanet for the purpose of allowing Urjanet to access their utility data directly online.

Urjanet’s customers will include a link to this policy when individuals are first asked to provide personal information to Urjanet or as soon thereafter as it is practicable, but in any event before Urjanet discloses it for the first time to a third party.

Urjanet obtains certifications from its customers that the individual has provided explicit authorization, pursuant to intelligible and easily accessible notice that is clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. The notice will clearly explain the purposes for which the data is obtained and used.

The types of personal information that may be collected include the individual’s identification and location information, as well as the individual’s utility invoice and payment history.

The information collected is only disclosed pursuant to the consent of the individual. Urjanet does not use personal information for any purpose other than that for which it was originally collected and authorized by the individual and for the support and maintenance of services. Urjanet may anonymize the data for future use in a manner in which it cannot be linked to any identifiable individual.

Notwithstanding the above, Urjanet may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice

As noted above, Urjanet does not collect any personal information without an individual’s unambiguous, voluntary and knowing consent to Urjanet’s clients. The individual’s choice is to not furnish consent or the credentials, in which case Urjanet will not obtain any information. Information is never disclosed to a third party except for the purposes consented to by the individual, or to carry out the purpose for which it was collected. The information is not reused or disclosed by Urjanet for any other purpose. Individuals may discontinue Urjanet’s access to their personal information at any time by submitting a request to privacy@urjanet.com including the following information: Name on utility bill, address on utility bill, utility provider name, utility account number.

Accountability for Onward Transfer

The data will be transferred from the EU and Switzerland to Urjanet in the United States where it will be processed by a processor under the direction of Urjanet. The data will be transferred only for limited and authorized specified purposes as agreed to by the individual. Urjanet will take reasonable and appropriate steps to ensure that its processor effectively processes the personal data transferred in a manner that is consistent with Urjanet’s obligations under the Privacy Shield.

Urjanet will transfer the data to the Urjanet customer in the EU and Switzerland at the request of the individual, pursuant to the individual’s notice and consent.

The transfer of personal data will: (i) be only for limited and specified purposes; (ii) Urjanet’s processor will be obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) Urjanet will take steps to assure that the its processor effectively processes the personal information transferred in a manner consistent with its obligations under the Principles; (iv) the processor will be required to notify Urjanet if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; and (v) upon notice, including under (iv), Urjanet will take reasonable and appropriate steps to stop and remediate unauthorized processing.

Security

Urjanet and its processor maintain a comprehensive information security program designed to anticipate foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality through (a) using administrative, technical, and physical safeguards (Safeguards); (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing the Safeguards; and (c) modifying and upgrading systems, system controls, procedures (including training of employees and management).

Access

Urjanet obtains personal information from the utility company designated by the individual and transfers it to its customer in the EU and Switzerland. Urjanet retains personally identifiable information only for purposes of providing and maintaining services for the customer. If the subject of a report would like to access his/her personal information, and to correct, amend, or delete information that is inaccurate, or has been processed in violation of the Privacy Shield principles, or if the individual would like all information about him/herself deleted, the individual may contact the utility and the individual will be able to access all information maintained at the utility using the individual’s credentials as provided to Urjanet, or contact Urjanet at the following address: privacy@urjanet.com

Changes in Urjanet Privacy Shield Notice

If we decide to change this Privacy Shield Notice, we will post the changes at this Site and at other places we deem appropriate. We reserve the right to modify this Privacy Shield Notice at any time, so please review it frequently.

Contact Us

Individuals with complaints about the collection or use of their personal information should contact:

Privacy Shield Ombudsman

privacy@urjanet.com

If their dispute is not resolved satisfactorily, they may submit it for mediation to:

https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim, an alternative dispute resolution provider located in the United States. The services of JAMS are provided at no cost to the individual.

Urjanet is subject to regulation by the Federal Trade Commission (the “FTC”), and its investigatory and enforcement powers. Under certain circumstances, individuals may submit their complaint to binding arbitration, see:  https://www.privacyshield.gov/article?id=ANNEX-I-introduction.