This Notice last changed on 17th August 2021.
Who we are
OpenSolar Pty Ltd. (“OpenSolar”, “we” or “us”) always respects your privacy and values the trust you place in us when you share your personal information with us.
This Privacy Notice ("Notice") sets out how we collect, hold, use, disclose and otherwise process your personal information, why and with what legal reasoning we process it, with whom and for what purposes we share it, the rights to which you may be entitled and your choices about our use of your personal information.
This Notice covers our use of personal information when we provide services to you or your organisation, engage you to provide services to us, when you browse our website, you log-in to our platform or our mobile application, or otherwise interact with us (collectively, the "Services"). If any of these apply to you, please read this Notice carefully.
This notice does not cover any information that is stored on our platform or mobile application by the installer with whom you are contracting for your solar project. In operating the platform and mobile application OpenSolar will be a data processor in respect of the personal data that is stored by the installer or you. The installer will be the controller in respect of that personal data. You should therefore ensure you read your installer's privacy notice carefully. However, OpenSolar is the data controller in respect of the personal information listed in this notice.
We will display this Notice or the links to this Notice on the Website.
When we refer to "you" in this Notice, this includes you and/or your organisation.
OpenSolar's contact details are as follows:
Address: Energy Lab, 4-12 Buckland Street Chippendale NSW 2008
If you have questions, please contact the Privacy & Security Officer at:
Post: Energy Lab, 4-12 Buckland Street Chippendale NSW 2008
We do not knowingly collect information from children under the age of 18 and our Services are not aimed at them. If you are under the age of 18, you may not submit any personal information to us or register for the Services and if you want to use our Services, please rely on a parent or guardian to assist you.
1. Data collection and usage
We will collect store and use your personal information:
to conduct our business;
to allow access to and to use our Website;
to allow you to register your interest or engage us in receiving our Services or so that we may receive services from you;
If you are a user, to allow you to log-in and access our Services;
to allow access to and use of our mobile application ("App");
to meet our legal obligations;
to fulfil any purpose we make known to you when we collect your personal information; and
to fulfil other purposes set out in more detail in this section.
We have identified below the types of information we may collect or receive, how we will use it and why we will use it.
Account registration and operation: in order to create an account to access the Services, to take the benefit of our Services or for us to operate our Services we will ask you (or a third party on your behalf) to provide certain information which may include: your email address, password, name of organisation and country location (collectively referred to as “Account Information”). We use Account Information to set you up as a user of our Services, to grant you access to our Services, to encourage you or others to use the platform, to provide technical assistance where required, to manage our relationships with you and other third parties in relation to the Services and to conduct analytics of usage of the Services (e.g. to assess how many times you visit certain pages on our platform, to obtain feedback, and to understand how you use our Services so that we can improve our Services). We are controller in respect of Account Information used for these purposes. The installer with whom you are contracting with for your solar project will be Controller in respect of any other information you provide in the course of the provision of the services to you which may be stored on our Services.
Responding to requests: in order to submit a request on our Services we will ask you to provide your email address and information relating to your request. We use this data in order to correspond with you and respond to your request.
Data insight, trend analysis and forecasting: subject to applicable laws, we may anonymise, aggregate or otherwise de-identify your personal information (in a way that it is no longer possible to identify you) to carry out data and trend analysis regarding solar energy projects and demand and to share data regarding the solar and energy market with third parties for the purposes of product and service development.
Engaging you to provide services to us: we may collect your contact details including your name and your email address in order to engage you to provide services to us or a third party on our behalf.
Marketing: We use Account Information to send you marketing which we think you may be interested in. Where required by applicable law, we will not send you marketing without first obtaining your consent.
Connecting you with third parties: If you choose to provide us with your name and contact details in order to allow us to connect you with service providers, we will share your data with any service providers who we consider may be able to provide you with the services you require.
Recruitment: we will collect the information you provide to us as part of any recruitment process (e.g. information contained in your CV, a copy of your ID, and information contained in our interview notes) to assess whether you are suitable for a role with us.
2. Legal bases for data processing
For the processing of your personal information, OpenSolar needs a lawful basis. The lawful basis for our processing depends on the purposes of the processing. Whenever we collect or otherwise process your personal information, we do so on the following legal bases:
Where required by law, your consent to such collection and processing (for example, we may need your consent in order to process your personal information for direct marketing activities or when using technology such as cookies);
Out of necessity for the performance of a contract with you, such as your agreement to our Service Agreement, our User Terms and Conditions and other agreements;
For the purposes of our legitimate business interests provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes. Where we process personal information on the basis that the processing is necessary for the purposes of our legitimate business interests, such interests include:
the promotion of our Services, improvement of your experience when interacting with us;
analysing data obtained through your use of our Services to generate trends, intelligence, insights and analysis that we can share with third parties on an anonymised and aggregated basis;
product development and enhancement, where the processing enables us to enhance, modify, personalize, or otherwise improve our Services and communications for the benefit of our customers, and to better understand how people interact with our Services;
intra-organization transfers for administrative and other legitimate business purposes;
fraud detection and prevention;
defence or establishment of legal claims;
enhancement of our, our employees and third parties' security (including cybersecurity, including improving the security of our network and information systems);
general business operations and diligence (for example, to develop and maintain relationships with vendors, partners and other organizations and dealing with individuals who work for them); and
providing our Services to you.
Where the processing of your personal information is necessary for compliance with a legal obligation; for example, statutory tax retention periods, response to requests from government agencies (such as courts), customs authorities for customs clearance purposes.
If you would like to have more information about our legitimate interests to process your personal information, please contact us as set out below.
We do not make automated decisions which has significant legal effects regarding you. However, if this changes in the future, we will ensure that such decision making is compliant with the applicable laws and that you are informed of such decision making in line with the applicable laws.
3. Ways we collect your data and sources of data
Your personal information is either (a) provided by you (e.g. via our Website or your use of our Services); or (b) obtained from third parties (such as other users of our Services).
We may collect your personal information if you or your company (if applicable) are supplying products and/or providing Services to us or if we are supplying products and/or providing Services to you or your company.
In addition, we may also collect personal information about you directly and indirectly from activity on the Website. For example, When you visit our websites, platforms and download information from them, our Internet Service Provider (ISP) makes a record of your visit and records the following information: * your Internet address; * your domain name, if applicable; and * the date and time of your visit to the website. Our ISP also collects information such as the pages our users access, the documents they download, links from other sites they follow to reach our site, and the type of browser they use. However, this information is anonymous and is only used for statistical and website development purposes.
4. Legal and other requirements
As explained above, some of the personal information we request is required to provide the Services and if it is not provided, we may not be able to provide the relevant Services to you or provide information you have requested from us.
Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency, or in order to investigate, prevent or take action regarding suspected illegal activities or fraud, to enforce or apply our User Terms and Conditions and other agreements, to protect the rights, property or safety of group companies, customers, clients and others or in the defence of legal claims. We will not delete personal information if relevant to an investigation or a dispute or until applicable law allows for it to be deleted. It will continue to be stored until those issues are fully resolved and it can be lawfully deleted.
Any personal information you supply to us through our Website or use of the Services must be complete and accurate. Please note that we can contact you to verify your personal information, if we need to.
5. How long we keep your information
We will keep your information for as long as it is reasonably necessary and to deal with claims. We will also retain your information as necessary to comply with legal, accounting or reporting requirements.
There are also certain types of information which require to be retained for a certain period by law.
In general terms, the criteria we use to determine the retention periods is as follows:
whether there are contractual or legal obligations that exist that require us to retain the data for a period of time;
whether you have interacted with us recently;
whether there is an ongoing legal claim that relates to any business (or otherwise) relationship you have with us, or that is otherwise related to your relationship with us; and
whether any applicable law, statute, or regulation allows for a specific retention period;
These criteria may also mean we adjust the period of time we retain the categories of personal information detailed above.
We will remove your personal information if we no longer need it for the purposes set out above.
Please note that the length of time for which your personal information is held on our Services by the installer you have engaged with is determined by that installer as a Controller. Please contact them or see their privacy notice for further details.
Our retention practices in respect of certain personal information are as follows:
We will retain a copy of your contact details if you object or opt-out of receiving direct marketing communications from us. We will add your details to our suppression list to ensure you do not receive any future marketing communications from us.
We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
Where relevant, we will also retain your personal information for the length of any applicable limitation period for claims which might be brought against us later (e.g. generally between six to ten years depending on the applicable jurisdiction). This will enable us to exercise any legal rights we may have or to defend any legal claims that may arise. In certain circumstances, personal information may need to be retained for a longer period of time, for example, where we are in ongoing correspondence with you or there is a continuing legal claim or regulatory investigation. The period we retain your personal information for will depend on the duration of such claim or investigation and any need for us to ensure we retain necessary data in order to exercise any legal rights we may have.
Please contact us at on the contact details above for more information on the specific retention periods that apply to your personal information.
6. Information we share
There are certain circumstances where we transfer your personal information to third parties such as our service providers and law enforcement agencies. These are as follows:
We share your information with our authorised business partners, resellers or service providers such as marketing/digital agencies, cloud service providers, technical support providers, cybersecurity service providers, website and cookie providers, professional service providers (e.g. legal service providers, accountants etc. They may process your personal information for us, for example, if we use a cloud service provider (such as AWS) or partners engaged for business continuity. Our suppliers and service providers will be required to meet appropriate standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this Notice.
We will share your personal information with the following third parties to the extent necessary to provide the Services: we may share your Account Information with other users of our Services if you have instructed us to do so as part of the Services
Your personal information may be transferred to other third party organisations in certain scenarios:
if we discuss selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
if we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
if we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police or customs authorities;
if we are defending a legal claim your information may be transferred as required in connection with defending such claim
Your personal information may also be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal information.
7. Where your information will be held
The information that we collect from you may be stored at a destination outside the European Economic Area (EEA), including Australia and the US which does not have equivalent data protection laws to those applicable to Europe. It may also be processed by staff operating outside the UK and/or EU who work for us.
When we transfer your personal information outside the United Kingdom and/or European Economic Area (the EEA), we will take relevant measures to protect the information in accordance with applicable laws and regulations. However, regardless of the differences of destination countries of information transfer, we will protect such information at a level not lower than the data protection level of the country in which the personal information was originally collected.
For transfers outside the United Kingdom and/or EEA, we will typically use the Standard Contractual Clauses (SCCs) as a way to ensure adequate safeguards are in place. The European Commission has approved these model contracts. If you would like to obtain copies of the regulator-approved SSCs please contact us on the contact details below.
8. Your Rights
You have certain rights in relation to your information. Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the Privacy & Security Officer on the contact details above.
Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it.
Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected.
Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required for compliance with law or in connection with claims.
Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Transfer: you may request the transfer of certain of your personal information to another party.
Objection: where we are processing your personal information based on a legitimate interest (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.
Consent: where we are processing personal information with consent, you can withdraw your consent.
You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of Data Protection law has taken place.
We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure, so please keep this in mind when deciding to provide your information to us (personal or non-personal) through our sites and products.
10. Links to third party website
Our Website, Services, marketing communications and other communications may, from time to time, contain links to and from the websites of others including third parties who purchase Services from us.
The personal information that you provide through these websites is not subject to this Notice and the treatment of your personal information by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own Notices which will set out how your information is collected and processed when visiting those sites. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the Notices of entities through which you choose to share.
11. Changes to this Notice
This notice may be changed from time to time.
If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.
Once this notice is posted on our Website, it will automatically come into force. The latest version of this notice will prevail over all previous versions.
If you would like to access previous versions of this notice please contact the Privacy & Security Officer.
12. How to contact us
If you would like more information about the way we manage personal information that we hold about you, or are concerned that we may have breached your privacy and wish to make a complaint, please contact us as set out above. We will do our best to resolve your complaint.
What are cookies?
A cookie is a small text file that is stored by your browser or app, and allows it to remember information between web pages and browser/app sessions. OpenSolar uses a number of "first party" cookies - generated by the OpenSolar websites and apps – and some "third party" cookies – deployed on our sites by third parties.
Cookies can only store text, which are generally anonymous but may contain any identifiers such as your name or email address.
Cookies are secure – they can only store information that is put there by the browser, which is information the user has entered into the browser or that is included in the page request. They cannot run code. If a website encrypts the information in the cookie, only that website can read the information.
There are two different types of cookies: Session and Persistent. They are used for different things and contain different information.
Session cookies contain information that is used within your current browser session. These cookies are automatically deleted when you close your browser. Nothing from these cookies persists on your device after the time you spend on the website.
Persistent cookies are used to hold information that is used between visits. This data allows websites to recognise that you are a returning customer and react accordingly. Persistent cookies have a lifetime value that is set by the website, which can vary between a few minutes or several years.
For additional information about cookies, please visit:
Cookies are used by the website to monitor your session as you progress through the website, including to keep track of your journey on the website and whether you've logged in to your user account on the website.
Web analytics cookies, including from our partners Google, allow us to track user interaction within the website. This gives us valuable insights which enable us to improve the website and the products and services we offer.
Turning off and deleting cookies
For our websites and apps that use non-essential cookies or cookies that are not required for the provision of the services you have requested, you can change your cookie settings in your web browser. All web browsers allow you to limit cookie behaviour, turn off cookies or delete them within the settings or options of the browser. The steps to do this are different for each browser, you can find instructions under the Help menu of your browser.
Disabling other types of cookies will also affect the monitoring of your progress through the website, but may not stop the analytics code from recognising your visit.
What do those cookies do?
We have categorized the cookies and tags on the OpenSolar website as follows:
So that you have more details, we have set out below information regarding the cookies on the OpenSolar website.
The list below is not an exhaustive list.
Specifically, we may use Google Analytics ("Analytics Providers") to collect demographic and interest-level information and usage information from users that visit the website, including information about the pages where users enter and exit the website and what pages users view on the website, time spent, browser, operating system, and IP address.
Cookies allow Analytics Providers to recognize a user when a user visits our website and when the user visits other websites. Analytics Providers use the information they collect from our website and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit our website and other websites and purchase items.