The data controller responsible for processing your personal data is AXO Energy, a PPA marketplace and advisory service operating in European energy markets (SEE, CEE, and Germany).
For all data protection enquiries and requests, please use the contact form available at axo-energy.eu/contact. Postal contact details will be provided in the finalised version of this policy.
Depending on how you interact with our platform, we may collect the following categories of personal data:
| Category | Examples | Context |
|---|---|---|
| Identity data | Name, job title, company name | Contact form, registration |
| Contact data | Email address, telephone number | Contact form, registration |
| Transaction data | PPA interest details, project data, indicative terms | Members area, enquiries |
| Technical data | IP address, browser type, device data, page interactions | Automatic collection via cookies/analytics |
| Usage data | Pages visited, time spent, referral source | Analytics tools |
| Communications data | Content of messages sent via contact form | Contact form |
We do not intentionally collect special categories of personal data (sensitive data) as defined under GDPR Article 9, nor do we collect data from individuals under 18 years of age.
We process your personal data only where we have a lawful basis to do so under the GDPR. The table below sets out our purposes and the corresponding legal bases:
| Purpose | Legal Basis (GDPR Article 6) |
|---|---|
| Responding to enquiries submitted via the contact form | Legitimate interests (Art. 6(1)(f)) / Pre-contractual steps (Art. 6(1)(b)) |
| Registering and managing Members Area access | Performance of contract (Art. 6(1)(b)) |
| Facilitating PPA matching between buyers and sellers | Performance of contract / Legitimate interests (Art. 6(1)(b)(f)) |
| Analysing site usage to improve our platform | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Direct marketing communications (where applicable) | Consent (Art. 6(1)(a)) |
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention principles are:
Specific retention schedules will be set out in the finalised version of this policy following legal review.
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data. You may exercise any of these rights by contacting us via our contact form.
Right of Access
Request a copy of the personal data we hold about you (Art. 15 GDPR).
Right to Rectification
Request correction of inaccurate or incomplete personal data (Art. 16 GDPR).
Right to Erasure
Request deletion of your personal data where no lawful basis for retention exists (Art. 17 GDPR).
Right to Restrict Processing
Request restriction of processing in certain circumstances (Art. 18 GDPR).
Right to Data Portability
Receive your data in a structured, machine-readable format (Art. 20 GDPR).
Right to Object
Object to processing based on legitimate interests or for direct marketing (Art. 21 GDPR).
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based (Art. 7(3) GDPR).
Right to Lodge a Complaint
Lodge a complaint with your local supervisory authority if you believe your rights have been infringed.
We will respond to verifiable requests within one calendar month. Where requests are complex or numerous, this period may be extended by up to two further months, with notice provided.
Our website uses cookies and similar tracking technologies to operate the site and, where you consent, to analyse usage. The categories of cookies we use (or intend to use) are as follows:
A cookie consent mechanism is in place (or will be in place at launch). You may withdraw or adjust your consent preferences at any time via the cookie settings control available on our site.
For a detailed list of specific cookies set, their purpose, and their retention periods, please refer to our Cookie Notice, to be published as a separate document following legal review.
We may engage third-party processors who act on our behalf and under our instruction to provide services including but not limited to:
All third-party processors are subject to appropriate data processing agreements (DPAs) in accordance with GDPR Article 28. We do not sell, rent, or trade personal data with third parties for their own marketing purposes.
A full list of sub-processors will be maintained and made available upon request following legal review and finalisation of service arrangements.
Where personal data is transferred outside the European Economic Area (EEA), AXO Energy will ensure that appropriate safeguards are in place. These may include:
Details of any international transfer arrangements will be provided in the finalised policy document.
AXO Energy implements appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
No method of electronic transmission or storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately via our contact form.
This Privacy Policy may be updated periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Revised" date at the bottom of this page and, where appropriate, provide additional notice to affected individuals.
We encourage you to review this policy periodically to stay informed about how we protect your data.
For any questions, concerns, or formal requests relating to the processing of your personal data — including exercising your rights under GDPR — please contact us using the form on our contact page.
We are committed to handling all data protection requests promptly and in accordance with applicable law. Where an appointed Data Protection Officer (DPO) is required or has been designated, their contact details will be included in the finalised version of this policy.
You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. In the European Union, supervisory authority contact details are listed at edpb.europa.eu.