Data protection and privacy policy
You are reading version 2025-04-14.
A reseller of the products and services of Eniris may have a different privacy policy. Nevertheless, at Eniris we apply the principles as described in this privacy policy when it comes to your data on the devices manufactured by Eniris and the servers of Eniris. A different privacy policy by a reseller only relates to the actions that your reseller itself takes with regard to your data, outside of the services and products of Eniris.
Our commitment
At Eniris, we are committed to protecting your privacy and handling your data with care and transparency. This Data Protection and Privacy Policy outlines how we collect, store, and use data in relation to our Energy Management System (EMS), app and monitoring portal.
Key principles
- You remain the owner of your data at all times.
- We only store the minimum data required for the working of the services and products you bought, technical support and billing.
- Your data is stored inside the EU and protected according to EU regulations.
- Your data is stored and transmitted with modern industry standard security practices, such as encryption at rest, SSL secured connections, hashing and pseudonimisation.
- Eniris only accesses your data to deliver to you the services that the EMS and Online Portal are meant for, to provide technical support, for invoicing, and to improve our services and products.
- Your data can be shared with the resellers in the distribution chain up to and including the reseller whom you bought the services and/or products from. This data is only shared with the intention that each party can install the EMS, monitor your sites on your behalf for performance and faults etc., provide technical support and do invoicing of the services. Resellers that are not in the direct chain towards you, the end user, cannot access your data. Please refer to the privacy policy and data protection documents you received from the reseller when contracting their service or buying the product for more details.
- The EMS may send data back to third party providers of external control signals that you have contracted (e.g. imbalance services, ...). Eniris has no control over what the third party provider does with this data - please refer to the privacy policy and data protection documents you received from the third party when contracting their service. The EMS does not send data to third party providers of external control signals that have not been configured in the EMS.
- Eniris uses servers hosted by Hetzner (DPA), OVH Cloud (Compliance), Vultr (Data center compliance) and Digital Ocean (Security]). We only use servers in the EU and services that are GDPR compliant.
- Your data is not intentionally shared with any other party.
- Your data is never sold intentionally by Eniris.
- We perform regular security checks and submit our systems to pentesting by independent cybersecurity companies.
Our commercial agreements request that every one of our distributors and installers complies with the same commitments as we do, and that the terms under which they sell our products request the same of their clients, all the way until you, the end user. Likewise, each of our employees and contractors is bound by confidentiality agreements. We do not authorize that your data is shared or used for other purposes than delivering the service you bought, billing and technical support.
How does Eniris comply with the EU general data protection regulation (GDPR)?
Which data are we talking about?
Data that is stored in the cloud
We only store data in the cloud that is needed for providing you with the app and monitoring portal, billing and technical support.
- Data of the devices you add to the EMS or portal. This is mostly energy data, but also e.g. serial numbers for identification of the device.
- The name your installer or you give to your site.
- The address where the EMS is installed. This used for weather forecasts, but may also be required if certain energy providers or external control signals are configured.
- E-mail adresses, so you can have a login for the app and monitoring portal.
- Logs of login attempts, the change of settings and configurations - to safeguard authenticity.
- The energy price formula you enter in the app or portal.
- Metadata of the devices added, such as settings, driver parameters etc.
- Diagnostic data such as internet usage of the EMS, crash logs, etc.
Data that does not leave the EMS
- The EMS searches locally for devices on the network it is installed in - to facilitate adding them to the EMS. This data is NOT stored in the cloud. The EMS does also not access devices that are not added to it - it only searches for IP and MAC adresses so that the installer can more easily find the devices he needs to connect.
- Credentials required to access the API of certain devices. All credentials are encrypted with a key that is only known to the EMS. The encrypted credentials are synced with the server as part of device metadata, but the encryption key is not. Hence, even in case of a data breach, these credentials are safe.
I don't want that Eniris, a distributor or an installer has access to my data
Without any access to your data, it is not possible to provide you with an app and online portal. The EMS can theoretically function standalone, but you will only be able to check it's data from your local network in a limited fashion, and the performance may be affected.
How is the EMS added to my account? Can it be added by anyone?
- The EMS can be claimed by a distributor or installer account, and they give the end user access through a user account.
- For claiming the EMS, the installer needs to know the serial number and verification code, which requires (having had) physical access to the device.
- The EMS cannot be claimed again until the installer gives permission to do so.
- Exceptions may exist to this rule for certain distributors. Please check the terms and conditions of your reseller.
What if I switch installer or my installer no longer exists?
Please contact your distributor or Eniris, and we will provide a suitable solution in accordance with the terms and conditions with which the device was bought.
What about remote access to the EMS commissioning interface?
- The EMS and monitoring portal dispose of a remote configuration function, to assist in technical support and commissioning.
- You can disable the remote service connection entirely, however, this makes it impossible to provide technical support and manual updates. Depending on the terms and conditions of the sales contract with your installer and the terms of use, this may mean you will not get technical support at all.
Is remote access to the commissioning interface safe?
Yes. Double authentication is used:
- Remote access is done through the app or portal, so this can only be done from accounts that have access to your EMS.
- For logging in remotely, the user must login again with his app credentials on the EMS. The EMS then verifies that the user has access rights.
It is possible to further secure remote access with two factor authentication.
Furthermore, all logins and configuration changes are logged, so in case of suspicion of malicious activity it is possible to trace the source.
Does remote access grant access to the rest of my network?
No. Remote access only gives access to the EMS commissioning interface. Nevertheless the commissioning interface shows IP addresses and MAC addresses of the devices in your network, so that the installer can identify which devices to add to the EMS.
Does the EMS communicate with other devices on my network?
The EMS only communicates with devices that have been added to it and it searches for the IP addresses and MAC addresses of the devices on your network (for identification of the devices that may have to be added).
How can I download my data?
All of the graphs on the portal can be downloaded as csv files. You can also submit a request to info@eniris.be to obtain a download link for all of your data. The download link will be shared through the portal, so only you can access your data for downloading. This is subject to fair use, and for frequent download requests we refer to using our api.
How can I delete my data?
Similarly as for downloading your data, you can submit a request to info@eniris.be, and a deletion link will be shared through the portal, so only you can confirm the deletion of your data. This is subject to fair use, and for frequent deletion requests we refer to using our api. Deletion will be done within 30 days after confirmation of the request and cannot be undone.
How long is my data retained?
Your data is retained for at most ten years or 30 days after you cease to use the service and give notice of a deletion request. Upon non-renewal of software licenses (see the terms and conditions of sales with your reseller), the data is deleted within 90 days after the expiry of the license.
Eniris uses retention policies and automatic agreggation, so the level of detail in your data reduces over time.
How is the EMS kept secure?
The EMS receives updates automatically, provided automatic updates are switched on in the configuration. This includes security updates. Furthermore, no unnecessary software is installed on the EMS, to reduce the potential attack service. The EMS configuration interface is password secured, and two factor authentication can be enabled. Serial consoles and HDMI interfaces are blocked (on the hardware versions that allow this).
What does all this mean for our distributors and installers?
-
Our commercial agreements request that every one of our distributors and installers complies with the same commitments as we do, and that the terms under which they sell our products request the same of their clients, all the way until the end user.
-
However, we understand that you as a distributor or installer want to focus on delivering the products and services to your clients. Hence, we provide a standard data protection agreement (DPA) and set of documents that you are free to use with your clients.