Privacy Policy

1. GENERAL INFORMATION

Hexapower (Open Power) values your privacy and is dedicated to safeguarding your personal data. This Privacy Policy shows how we collect, process, and protect your information. We encourage you to review this policy carefully to understand our practices.

Hexapower Limited is registered in England under company number 14543090, here named “Hexapower”, “Open Power”, “we”, “us”, or “our”. We provide the platform that gives us the capability to handle all the necessary back-end endeavor to manage exports and energy trades (“Service”) to energy generators, energy asset owners, manufacturers, producers, service providers, offtakers, installers, brokers, and customers, here named “Prosumer”, “User”, “you” or “your”. We gather and process data to provide our service.

Open Power and its partners collect and process your personal data when you use our Service (including websites, mobile apps, APIs, and platforms) or interact with our Services.

  • Not for Children: We do not knowingly collect data from minors.
  • Transparency: This policy explains how we handle your data. Always review it alongside any additional privacy notices we provide, as they work together; not in replacement.
  • Controller: Open Power is the controller and we are responsible for the data you give us. We depict why and how your data is being processed.
  • Update to your data: We might regularly review and update privacy policy. If your data changes, please keep us informed.
  • Third-Party Links Disclaimer: Our Service may contain links to external websites or applications. Please note:
    • Clicking these links may allow third parties to collect or process your personal data.
    • We have no control over these external sites and accept no responsibility for their content and privacy policies.
    • For your protection, we strongly recommend reviewing the privacy policy of any third-party before engaging with it.
  • Not Providing Personal Data: If we are required by law or under contract/agreement/LOA (letter of authority) to collect certain personal data from you, and you do not provide it when requested, we may be unable to fulfill our commitment with you. In such cases, we may need to cancel your service. If this occurs, we will notify you at the time.

2. DATA COLLECTION

Personal data ("data" or "information") refers to any data about an individual/firm which helps us identify a person. This personal data helps us deliver our services. Open Power may collect, store, use and transfer this data as:

  • Contact Data: it may include:
    • First name, last name
    • Email addresses, telephones, mobile phones
    • Office/site addresses and postcodes
    • Bank account information
    • Username / encrypted password
    • Social media username (ID), when interacting with us through social media.
  • Profile Data: it may include:
    • Your chosen methods and frequency for receiving communications from us
    • Subscription settings for marketing and non-marketing messages
    • Records of consent (or withdrawal of consent) for sharing data with third parties
    • Responses to surveys and questionnaires
    • Input provided during user research or design programmes
    • Partially anonymised data from app / website / platforms
  • Hardware/Energy Data: it may include:
    • Meter's import MPAN, export MPAN and serial number
    • Total generation capacity (kWp) and estimated export (kWh)
    • Hourly and half-hourly generation, consumption and export data.
    • MOP/DC/DA contracts, their copies or statuses
    • Pictures of the Meter
    • Recent energy bills
    • Inverter's technical specification, such as model, capacity, date of installation.
    • Battery size and charging capabilities
    • CHP capacity and its technical specifications like its capacity.
  • Third-party Account Data: it may include:
    • Any encrypted or anonymised token that links your account to the 3rd party's account
  • Financial / Service Data: it may include:
    • Details of the services we are offering to you
    • Details of energy generation and export (how much, when)
    • Payments information and the relationship (reference) with energy generation and export
  • Device Data: it may include:
    • IP address
    • Geo-location
    • Type or version of the device, operating system, and browser
    • Time zone / locale
    • Cookies (Internet cookies are pieces of data that websites store on a user's computer to remember information about them. Cookies help with personalise experiences and they act like a website's memory)
  • Aggregated Data: We collect, store, and use aggregated data for various purposes. This data may be derived from your personal data but is not legally classified as personal data, as it does not directly or indirectly identify you. For example, Open Power might analyse the data and extract insights about users who export higher amounts compared to the generation capacity. However, if aggregated data is combined with your personal information in a way that could identify you, we treat the combined dataset as personal data and handle it in accordance with this privacy policy.
  • We do not collect:
    • Sensitive information such as race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health data, or genetic/bio-metric data.
    • Any details about criminal convictions or offenses.

3. HOW WE COLLECT DATA

With your consent, we collect data through:

  • Filling forms in the registration / on-boarding steps
  • Sending us emails
  • Speaking with us via telephone or mobile
  • Interacting with our apps / websites / platforms (like cookies)
  • Interacting with our social media channels
  • Transactions with financial institutes and banks for payments
  • Transactions from/to energy parties

4. HOW WE USE DATA

We will only process your personal data when legally permitted. Most commonly, this occurs in the following situations:

  • Legitimate Interests: We may use your data where necessary for our legitimate interests (or those of a third party), provided your rights and interests do not override them. We carefully consider the potential impact on you before proceeding. We will not proceed if the impact on you outweighs our interests (unless legally required or with your consent).
  • Contractual Necessity: To fulfill our obligations under a contract with you (e.g., providing requested services).
  • Legal Compliance: When required to comply with applicable laws or regulations.
  • Marketing: We respect your preferences regarding marketing communications and aim to provide you with meaningful control over how your personal data is used for promotional purposes. To tailor our communications to your interests, we may analyse your data to helps us determine which products, services, or offers may be most relevant to you. You will receive marketing messages from us if you've requested information from us, subscribed to our services or haven't asked us to be opted out of marketing communications. We will never share your personal data with third parties for their marketing purposes; unless with your explicit consent.

We do not engage in automated decision-making or profiling with your data.

5. CHANGE OF PURPOSE

We will only use your personal data for the specific purposes for which it was collected, unless we determine that another use is necessary and compatible with the original purpose. Should we ever need to use your data for an entirely unrelated purpose, we will notify you and clearly explain the legal basis permitting such use.

In certain circumstances, we may process your personal data without your knowledge or consent where legally required or permitted, always in accordance with applicable laws and the principles outlined above.

6. HOW WE SHARE DATA

The information we collect will be used and retained by us, and only shared with third parties when necessary to provide our services to you, as outlined in this policy. With third-party partners, we establish written agreements with strict data security / privacy terms before sharing any information.

We may share your data for the following reasons:

  • Providing Services: To deliver and improve our services, we may share your data with third parties. Additionally, we may share anonymised data (e.g., aggregated energy usage) with energy companies and system operators. This data cannot identify you, as personal details are removed, and location information is generalised (e.g., to a neighborhood or within a defined radius).
  • Legal Compliance: We may disclose data when legally required, such as in response to court orders or law enforcement requests, to protect someone's life in an emergency and to initiate or defend legal claims (e.g., with solicitors or courts).
  • User support: If you contact us for assistance, we may share relevant personal data (e.g., contact details, technical/hardware data) with suppliers or subcontractors to resolve your issue.
  • Enhanced Services: We may partner with third parties to offer enhanced services or rewards. To verify eligibility, we may share energy data with electricity network operators, market operators, or energy service providers and contact details (e.g., email) to facilitate delivery of these services. You may opt out of these services at any time.
  • Business Changes: If we sell, merge, or restructure our business, your data may be shared with the new owners.
  • Other Reasons: We may share data when it aligns with our legitimate interests (after ensuring compliance with data protection laws), you've consented (e.g., for marketing) and required to fulfill a contract with you.

7. DATA SECURITY AND PROTECTION

We implement security measures to safeguard your personal data against accidental loss, unauthorised access, alteration, or disclosure. Access is restricted to employees, agents, and third parties only when strictly necessary for business purposes. All authorised parties are bound by confidentiality agreements and process data solely under our instructions.

  • Breach Response: Any suspected data breaches are addressed and if legally required, we will promptly notify you and relevant regulators of such incidents.
  • Technical Safeguards: We employ technical and organizational measures to secure your personal data and prevent misuse, loss, or alteration.
  • Your Responsibilities: To further protect your account, please:
    • Use a strong, unique password that cannot be easily guessed (by humans or automated programs).
    • Never share your password (we will never request it outside of login page).
    • Never disclose sensitive information (e.g., bank details) for identity verification. If anyone claiming to represent us asks for such details, contact us immediately.

8. DATA RETENTION

We keep your personal data only for as long as needed for the purposes for our business, such as legal, regulatory, tax, accounting, or reporting obligations. In certain cases, such as active complaints, we may keep your data for longer periods.

  • Determining Retention Periods: When establishing retention timelines, we consider the type, sensitivity, and volume of data. Also we consider potential risks from unauthorised use or disclosure. The processing purposes and whether they can be achieved without retaining the data and applicable legal or regulatory requirements are also kept in mind.
  • Your Rights & Exceptions: You may request account deletion (right to erasure) by contacting us. However, some data cannot be deleted if we have a legal obligation to retain it. For details on non-deletable data, please contact us.
  • Anonymised Data: In some cases, we anonymise personal data (removing all identifiers) for research or statistical purposes. Such anonymised data may be retained and used indefinitely without further notice.

9. YOUR DATA PROTECTION RIGHTS

You have important rights regarding your personal information under data protection laws:

  • Access Your Data: You can request a copy of the personal information we hold about you and verify we're processing it lawfully.
  • Correct Inaccurate Information: You may ask us to update or complete any incorrect or incomplete data we hold about you (we may need to verify your updates).
  • Request Deletion: You can ask us to erase your personal data when we no longer need it, you've objected to processing, the processing was unlawful or required by local law.
  • Object to Processing: You may object when we process your data, based on legitimate interests (if you believe this affects your fundamental rights) or for direct marketing purposes.
  • Restrict Processing: You can ask us to temporarily stop using your personal data when you're verifying the accuracy of information we hold, the processing is unlawful but you don't want deletion, you need us to retain data for legal claims (even if we no longer need it) and you've objected to processing while we verify our legitimate grounds.
  • Request the transfer: You can request a copy of your personal data in a structured, digital format, or ask us to transfer it directly to another provider.
  • Withdraw Consent: You may revoke consent for data processing at any time. This does not affect processing that occurred before withdrawal. Some services may become unavailable if consent is withdrawn. We'll inform you of any service impacts when you withdraw.

We provide above free of charge. However, we can charge a "reasonable fee" when a request is:

  • manifestly unfounded or excessive, particularly if it is repetitive, unless we refuse to respond; or
  • for further copies of the same information (that's previously been provided). This does not mean that we can charge for all subsequent access requests.

We have the right to verify the identity of the person making the request. We normally try to respond to all legitimate requests within 30 days. If the request is complex or the number of requests are high, we need more time.

10. PRIVACY NOTICE FOR JOB APPLICANTS

To process your application, we require certain personal data. While providing this information is voluntary, some details are necessary for us to properly assess your application. If your application is unsuccessful, we will retain your information for one year from the role's closing date. We may collect, store, and use the following:

  • Personal & Contact Details: name, address, email, and phone numbers
  • CV or resume as a file.
  • Reference contact information (You must obtain their consent before sharing their details with us)
  • Sensitive Data: Please avoid including sensitive personal data (e.g., race, religion, health) in your application, as it is not required at this stage.
  • Technical & Usage Data: Our website uses cookies.

11. USER RESEARCH AND DATA HANDLING

To improve our service, we conduct regular user research. Here's how we handle your data:

  • Research-Only Use: Data collected is strictly for research and never sold to third parties.
  • Interview Recordings: Retained only as long as needed (max 3 years), then permanently deleted.
  • Transcripts: If created, these are anonymised after 3 years by removing all personal identifiers.
  • Security: All research materials are stored securely at all times.

12. COMPLAIN

If you have a complaint, please email us (the email mentioned in the CONTACT OPEN POWER) with details of your concern. We will:

  • Acknowledge receipt within 5 working days
  • Work to resolve your issue promptly

For urgent matters, please mark your email with "Urgent Complaint" in the subject line.

You may escalate complaints to:

  • The UK regulator: ICO (www.ico.org.uk)
  • EU data protection authorities (for EU residents)
  • Your local regulator (for non-UK/EU GDPR countries)

While you have this right, we kindly ask that you contact us first; we welcome the opportunity to address your concerns directly.

13. CONTACT OPEN POWER

If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

  • Company name: Hexapower Limited
  • Registered company number: 14543090
  • Email Address: help@open-power.co.uk
  • Postal address: Renold Building 81, Sackville Street, Manchester, England, M1 3NJ