DER Security Corp Privacy Policy

Your privacy is important to us. This privacy statement explains the personal data DER Security Corp (“DERSec”) processes, how DERSec processes it, and how it uses it.

DERSec offers a wide range of products, including security products used to protect distributed energy devices and systems, digital twin solutions used for scale testing distributed energy management systems and security applications, testing solutions used by product manufacturers and compliance testing laboratories, and services energy developers use to identify existing or proposed new energy generation systems. References to DERSec products in this statement include DERSec services, websites, apps, software, servers, and devices.

Please read the product-specific details in this privacy statement, which provide additional relevant information. This statement applies to the interactions DERSec has with you and the DERSec products listed below, as well as other DERSec products that display this statement.

For individuals in the United States, please refer to our U.S. State Data Privacy Notice for additional information about the processing of your personal data, and your rights under applicable U.S. state data privacy laws.

1.   Personal data we collect

DERSec collects data from you, through our interactions with you and through our products. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products. The data we collect depends on the context of your interactions with DERSec and the choices you make, including your privacy settings and the products and features you use. We also obtain data about you from DERSec affiliates, subsidiaries, and third parties.

You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. Many of our products require some personal data to provide you with a service. If you choose not to provide data required to provide you with a product or feature, you cannot use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you are using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalization that use such data will not work for you.

2.   How we use personal data

DERSec uses the data we collect to provide you with rich, interactive experiences. We use data to:

  • Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
  • Improve and develop our products.
  • Personalize our products and make recommendations.
  • Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.

We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.

In carrying out these purposes, we combine data we collect from different contexts (for example, from your use of two DERSec products) or obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

Our processing of personal data for these purposes includes both automated and manual (human) methods of processing. Our automated methods often are related to and supported by our manual methods. For example, to build, train, and improve the accuracy of our automated methods of processing (including artificial intelligence or AI), we manually review some of the output produced by the automated methods against the underlying data.

As part of our efforts to improve and develop our products, we may use your data to develop and train our AI models.

3.   Reasons we share personal data

We share your personal data with your consent or to complete any transaction or provide any product you have requested or authorized. We also share data with DERSec-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights and property of DERSec and its customers.

Please note that, as defined under certain U.S. state data privacy laws, “sharing” also relates to providing personal data to third parties for personalized advertising purposes. Please see the U.S. State Data Privacy section below and our U.S. State Data Privacy Laws Notice for more information.

4.   How to access and control your personal data

You can also make choices about the collection and use of your data by DERSec. You can control your personal data that DERSec has obtained, and exercise your data protection rights, by contacting DERSec or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law. How you can access or control your personal data will also depend on which products you use. For example, you can:

  • Choose whether you wish to receive promotional emails, SMS messages, telephone calls, and postal mail from DERSec by emailing support@dersec.io.
  • Access and clear some of your data through the DERSec privacy dashboard.

Not all personal data processed by DERSec can be accessed or controlled via the tools above. If you want to exercise your data protection rights for your personal data processed by DERSec that is not available via the tools above or directly through the DERSec products you use, you can always contact DERSec by emailing support@dersec.io.

5.   Cookies and similar technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, providing interest-based advertising, combating fraud, analyzing how our products perform, and fulfilling other legitimate purposes.

We also use “web beacons” to help deliver cookies and gather usage and performance data. Our websites may include web beacons, cookies, or similar technologies from DERSec affiliates and partners as well as third parties, such as service providers acting on our behalf.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

6.   Products provided by your organization—notice to end users

If you use a DERSec product with an account provided by an organization you are affiliated with, such as your work or school account, that organization can:

  • Control and administer your DERSec product and product account, including controlling privacy-related settings of the product or product account.
  • Access and process your data, including the interaction data, diagnostic data, and the contents of your communications and files associated with your DERSec product and product accounts.

If you lose access to your work or school account (in event of change of employment, for example), you may lose access to products and the content associated with those products, including those you acquired on your own behalf, if you used your work or school account to sign in to such products.

Many DERSec products are intended for use by organizations, such as schools and businesses. Please see the Enterprise Products section of this privacy statement. If your organization provides you with access to DERSec products, your use of the DERSec products is subject to your organization’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When you use social features in DERSec products, other users in your network may see some of your activity. To learn more about the social features and other functionality, please review documentation or help content specific to the DERSec product. DERSec is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.

When you use a DERSec product provided by your organization, DERSec’s processing of your personal data in connection with that product is governed by a contract between DERSec and your organization. DERSec processes your personal data to provide the product to your organization and you, and in some cases for DERSec’s business operations related to providing the product as described in the Enterprise Products section. As mentioned above, if you have questions about DERSec’s processing of your personal data in connection with providing products to your organization, please contact your organization. If you have questions about DERSec’s business operations in connection with providing products to your organization as provided in the Product Terms, please contact DERSec as described in the How to contact us section. For more information on our business operations, please see the Enterprise Products section.

7.   DERSec account

With a DERSec account, you can sign in to DERSec products, as well as those of select DERSec partners. Personal data associated with your DERSec account includes credentials, name and contact data, payment data, device and usage data, information about your activities, and your interests. Signing in to your DERSec account enables personalization and consistent experiences across products and devices, permits you to use cloud services, and enables other features.

There are two types of DERSec account:

  • When you create your own DERSec account tied to your personal email address, we refer to that account as a personal DERSec account.
  • When you or your organization (such as an employer or your school) create your DERSec account tied to your email address provided by that organization, we refer to that account as a work or school account.

If you sign into a service offered by a third party with your DERSec account, you will share with that third party the account data required by that service.

8.   Other important privacy information

Below you will find additional privacy information, such as how we secure your data, where we process your data, and how long we retain your data.

9.   Artificial Intelligence

DERSec leverages the power of artificial intelligence (AI) in many of our products and services. DERSec’s collection and use of personal data in developing and deploying AI features is consistent with the commitments outlined in this privacy statement. Product-specific details provide additional relevant information.

10.        Enterprise Products

Enterprise Products are DERSec products and related software offered to and designed primarily for use by organizations and developers. They include:

  • Cloud services, referred to as Online Services in the Product Terms, such as DERSec Sentry, DERSync, and DERSec AHJ Registry, for which an organization (our customer) contracts with DERSec for the services (“Enterprise Online Services”).
  • Server, developer, and hybrid cloud platform products, such as DERSec LabTest, DERSim, SunSpec Dashboard, and open source software that we produce and distribute (“Enterprise and Developer Software”).
  • Appliances and hardware used for edge gateway applications (“Enterprise Appliances”).
  • Professional services referred to in the Product Terms that are available from DERSec, such as onboarding services, data migration services, data science services, or services to supplement existing features.

In the event of a conflict between this DERSec privacy statement and the terms of any agreement(s) between a customer and DERSec for Enterprise Products, the terms of those agreement(s) will control.

You can also learn more about our Enterprise Products’ features and settings, including choices that impact your privacy or your end users’ privacy, in product documentation.

If any of the terms below are not defined in this Privacy Statement or the Product Terms, they have the definitions below.

General. When a customer tries, purchases, uses, or subscribes to Enterprise Products, or obtains support for or professional services with such products, DERSec receives data from you and collects and generates data to provide the service (including improving, securing, and updating the service), conduct our business operations, and communicate with the customer. For example:

  • When a customer engages with a DERSec sales representative, we collect the customer’s name and contact data, along with information about the customer’s organization, to support that engagement.
  • When a customer interacts with a DERSec support professional, we collect device and usage data or error reports to diagnose and resolve problems.
  • When a customer pays for products, we collect contact and payment data to process the payment.
  • When DERSec sends communications to a customer, we use data to personalize the content of the communication.
  • When a customer engages with DERSec for professional services, we collect the name and contact data of the customer’s designated point of contact and use information provided by the customer to perform the services that the customer has requested.

The Enterprise Products enable you to purchase, subscribe to, or use other products and online services from DERSec or third parties with different privacy practices, and those other products and online services are governed by their respective privacy statements and policies.