Privacy Policy

Last updated: Feb 15, 2023

This Privacy Policy explains how Green Energy Pal d.o.o. (“we”, “our”, “us”) collects, uses, and protects your personal data when you use the Enpulse Services.

We are committed to complying with the General Data Protection Regulation (GDPR) and all relevant Croatian and EU data protection laws.

1. Data Controller

Green Energy Pal d.o.o.

Omiška ulica 14, 10000 Zagreb, Croatia

Email: legal@gep.energy

We act as the Data Controller for personal data processed under this Privacy Policy.

2. Data We Collect

We may collect and process the following categories of data:

  • Account Information – name, company name, email address, phone number, billing address
  • Payment Data – payment method, transaction information (processed securely by third-party payment providers; we do not store card numbers)
  • Technical Data – device identifiers, IP addresses, log files
  • Energy Data – consumption, production, and machine activity data provided by Enpulse hardware, third-party APIs, or user input
  • Support Requests – messages, feedback, troubleshooting logs

3. How We Use Your Data

We process personal data for the following purposes:

  • Provide, maintain, and improve Enpulse Services
  • Process orders, payments, and subscription renewals
  • Send service updates, invoices, and renewal notices
  • Respond to support requests and technical issues
  • Analyze energy usage patterns to generate insights
  • Comply with legal obligations (accounting, tax, consumer protection)

4. Legal Basis for Processing

We process your data based on:

  • Contract performance – to deliver the Services you purchased
  • Legitimate interests – to improve our platform, prevent fraud, and ensure security
  • Legal obligations – to meet tax, accounting, and regulatory requirements
  • Consent – for optional activities like marketing emails (you may withdraw consent anytime)

5. Data Sharing

We share personal data only when necessary:

  • With trusted service providers (hosting, analytics, payment processing)
  • When required by law or to respond to lawful requests from authorities
  • During a business transfer (e.g. merger, acquisition) with proper safeguards

We do not sell personal data to third parties.

6. International Data Transfers

Where data is transferred outside the EU/EEA, we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or other lawful mechanisms.

7. Data Retention

We retain personal data only as long as necessary:

  • Account and subscription data – while your account is active and for up to 5 years after termination (for legal obligations)
  • Energy data – for as long as you maintain an active subscription
  • Support data – for up to 2 years after case resolution

8. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (receive data in a machine-readable format)
  • Lodge a complaint with a supervisory authority (Croatian Personal Data Protection Agency)

To exercise your rights, contact legal@gep.energy.

9. Cookies & Tracking

Enpulse apps and websites may use cookies and similar technologies for analytics and functionality.

Where required by law, we will ask for your consent before setting non-essential cookies. More details are available on our Cookie Policy web page.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, and secure hosting.

11. Children’s Privacy

Enpulse Services are not directed to children under 16, and we do not knowingly collect data from them.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

We will notify you by email and post an updated version on our website.

Continued use of the Services after changes take effect indicates acceptance.

13. Contact

If you have questions about this Privacy Policy, contact us at: legal@gep.energy.