Last updated: March 1, 2025
Welcome to the Aggregator Energy website!
We value your trust and strive to ensure the highest level of protection for your personal data in accordance with the laws of Ukraine and the General Data Protection Regulation (GDPR) of the European Union.
This Privacy Policy explains what data we collect, how we use and protect it, and what rights you have.
1. General Provisions
1.1. 1.1. This Privacy Policy defines the procedure for collecting, using, storing, and disclosing personal data of users of the Aggregator Energy website (hereinafter – the “Website” or “Platform”), processed by LLC “Ukrainian Balancing Group” (hereinafter – the “Company”).
1.2. 1.2. By using the Website, you agree to the processing of your personal data in accordance with this Privacy Policy.
2. Legal Basis for Data Processing
We process your personal data on the following legal grounds:
2.1. Contract performance – personal data is processed to provide services under the Public Offer and ensure the operation of Aggregator Energy, including account registration, energy resource management, settlements in the balancing market, and other contractual operations.
2.2. Legitimate interests – data processing is necessary to improve service quality, analyze the market, enhance platform security, prevent fraud, and manage the technical operation of the website.
2.3. Consent – when data processing is not required for contract performance or legitimate interests, we request your consent (e.g., for marketing emails or cookie-based personalization and analytics). You may withdraw your consent at any time.
2.4. Legal obligations – we are required to process personal data under applicable Ukrainian laws, including the Law of Ukraine “On the Electricity Market” and regulations by the NEURC, especially for reporting to state authorities and fulfilling financial compliance obligations.
3. What Data We Collect
We may collect and process the following categories of personal data:
3.1. Identification data
- Full name (for individuals);
- Company name (for legal entities);
- Contact details (phone number, email);
- Account credentials (login, password).
3.2. Financial data
- Bank details for payments;
- Information on financial transactions through the platform;
- Data on balancing services and energy monetization.
3.3. Technical data
- IP address;
- Device, browser, and OS information;
- Log files and activity data;
- Cookies and other tracking technologies;
- API usage data for energy management.
3.4. Energy data
- Information on energy generation, consumption, and storage;
- Data on connected devices and integration with the Virtual Power Plant;
- Market participation data (e.g., day-ahead imbalance, intraday, balancing markets);
- Forecasted energy consumption and generation based on platform algorithms.
4. How We Use Your Data
4.1. We process personal data to enable the operation of the website and VPP platform, including user registration, asset connection, account management, and interaction with other market participants.
4.2. User data is also needed to fulfill contractual obligations – such as accounting for electricity usage/generation, financial transactions, payouts for balancing services, and energy monetization.
4.3. To ensure user security, we analyze account activity, use authentication methods, detect suspicious behavior, and protect against cyber threats.
4.4. To improve VPP performance, we use AI and machine learning to forecast consumption and generation, analyze market trends, and optimize resource use.
4.5. We continuously improve the website by analyzing user behavior and preferences, enhancing platform features, adapting the interface, and introducing new technologies.
4.6. We also process data to comply with Ukrainian and EU laws, including providing information to regulators like NEURC and Ukrenergo.
4.7. With user consent, we may send marketing messages – such as service updates, special offers, market reports, or loyalty program invitations.
5. Cookies and Tracking Technologies
We use cookies and other tracking tools to analyze user behavior, personalize content, and for marketing purposes. You can change your cookie preferences in your browser.
For more details, see our Cookie Policy.
6. Disclosure to Third Parties
6.1. We do not share your personal data with third parties without your prior consent, unless necessary for fulfilling our obligations or legal requirements.
6.2. Your data may be shared with electricity market operators, banks, and payment systems to process financial transactions and payouts.
6.3. We may also disclose personal information to government bodies, law enforcement, or regulatory agencies as required by law (e.g., requests from NEURC or during investigations).
6.4. In case of security threats or to protect the Company’s legal interests, we may share data with third parties to prevent fraud, combat cyberattacks, or stop unauthorized access.
6.5. If personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection using legal mechanisms such as EU standard contractual clauses or other regulatory safeguards.
7. Personal Data Protection
7.1. We prioritize the security of your personal data and use modern technologies to protect it. Reliable security mechanisms minimize risks of unauthorized access, loss, leakage, or alteration.
7.2. Data Encryption
All personal data is transmitted and stored in encrypted form using advanced cryptographic methods (e.g., SSL/TLS protocols) for secure communication between user and server.
7.3. Protection from DDoS and Other Threats
We deploy systems to detect and block attacks that may disrupt the website. Suspicious activity is automatically analyzed and filtered using firewalls, bot protection, and layered request verification.
7.4. Security Audits and System Updates
We conduct regular audits and testing. Our cybersecurity team performs:
- Vulnerability scanning in code and servers
- Penetration testing
- Software updates to eliminate risks
- Access control over personal data to prevent unauthorized use
7.5. Two-Factor Authentication (2FA)
We recommend enabling 2FA – an additional layer of protection requiring a unique code sent to a trusted device or email during login.
7.6. Access Restriction
Only authorized employees with a legitimate need can access your personal data, following the principle of least privilege.
7.7. Monitoring and Incident Response
In case of suspicious activity or threats, we act immediately. Our team monitors security and responds to incidents affecting data confidentiality and availability.
8. User Rights
Users of the Aggregator Energy platform have the following rights regarding their personal data:
8.1. Right of Access
You may request confirmation of whether your personal data is being processed, along with a copy and purpose-related details.
8.2. Right to Rectification
You can request corrections or additions if your data is inaccurate or incomplete. Requests may be submitted via email at [email protected] or via your account dashboard.
8.3. Right to Erasure (“Right to be Forgotten”)
You may request deletion of your data if it’s no longer needed or you withdraw consent. Some legal limitations may apply, e.g., when the Company is obligated to retain data.
8.4. Right to Restrict Processing
You may request to temporarily suspend processing if you contest its accuracy, object to its lawfulness, or need the data to establish or defend legal claims.
8.5. Right to Data Portability
You may request a copy of your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.
8.6. Right to Object
If data is processed based on the Company’s legitimate interest or for public interest tasks, you may object to such processing with justification.
8.7. Right to Withdraw Consent
If data processing is based on your consent, you can withdraw it at any time without affecting previous lawful processing.
Exercise of Rights
8.8. To exercise your rights, contact us using the official contacts provided in the Aggregator Energy Offer. We will review your request in accordance with Ukrainian law and GDPR timelines. Additional identity verification may be required.
8.9. If you believe your rights have been violated, you may submit a complaint to [email protected].
9. Changes to the Privacy Policy
We may update this Policy periodically to reflect legal or operational changes. Significant updates will be communicated via the Website or other communication channels.
10. Contact Information
If you have any questions about this Privacy Policy, please contact us:
LLC “Ukrainian Balancing Group”
Address: 01135, Ukraine,
Kyiv, Pavlivska St., 26/41, Apt. 13 13
Email: [email protected]
