Data Protection Compliance

Data Processing Information

This page explains how OptiBid Energy collects, processes, and protects your personal data in compliance with privacy regulations including GDPR, CCPA, and other applicable data protection laws.

Last updated: December 2, 2025

Our Privacy Commitments

Regulatory Compliance:

  • • GDPR (European Union)
  • • CCPA/CPRA (California)
  • • PIPEDA (Canada)
  • • LGPD (Brazil)

Data Protection Principles:

  • • Lawfulness, fairness, and transparency
  • • Purpose limitation
  • • Data minimization
  • • Security and accountability

Data Controller Information

Controller Details

Company: OptiBid Energy LLC

Address: 123 Energy Plaza, New Delhi, Delhi 110001, India

Email: privacy@optibid-energy.com

Phone: +91 (0) 11 1234 5678

Registration: Pvt Ltd Company

Data Protection Officer

Contact: dpo@optibid-energy.com

Responsibilities:

  • • Supervising compliance with privacy laws
  • • Handling data subject requests
  • • Conducting privacy impact assessments
  • • Training employees on data protection

Categories of Personal Data We Process

Identity & Contact Data

Information we collect to identify you and maintain your account.

Data Types:

  • • Name and surname
  • • Email address
  • • Phone number
  • • Job title and role
  • • Company information

Purpose & Legal Basis:

  • • Account management (Contract)
  • • Customer support (Legitimate interest)
  • • Marketing communications (Consent)

Financial & Payment Data

Information needed for billing, payment processing, and financial reporting.

Data Types:

  • • Billing address
  • • Payment method details (tokenized)
  • • Subscription plan information
  • • Invoice history
  • • Tax identification numbers

Purpose & Legal Basis:

  • • Payment processing (Contract)
  • • Financial compliance (Legal obligation)
  • • Fraud prevention (Legitimate interest)

Usage & Technical Data

Information about how you interact with our platform and services.

Data Types:

  • • IP address and device information
  • • Browser type and version
  • • Pages visited and actions taken
  • • Time spent on features
  • • Dashboard configuration preferences

Purpose & Legal Basis:

  • • Platform security (Legitimate interest)
  • • Service improvement (Legitimate interest)
  • • Analytics and performance monitoring (Consent)

Energy Trading Data

Information related to your energy trading activities and portfolio management.

Data Types:

  • • Energy asset information
  • • Trading positions and history
  • • Market data preferences
  • • Risk tolerance settings
  • • Performance metrics

Purpose & Legal Basis:

  • • Service delivery (Contract)
  • • Compliance with energy regulations (Legal obligation)
  • • Financial reporting (Legal obligation)

Legal Bases for Data Processing

Contract Performance (Article 6(1)(b) GDPR)

Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Examples: Account creation, service delivery, payment processing

Legitimate Interest (Article 6(1)(f) GDPR)

Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

Examples: Security monitoring, fraud prevention, service improvement, customer support

Legal Obligation (Article 6(1)(c) GDPR)

Processing necessary for compliance with a legal obligation to which the controller is subject.

Examples: Financial record keeping, energy market reporting, tax compliance

Consent (Article 6(1)(a) GDPR)

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Examples: Marketing communications, analytics cookies, optional features

Data Retention Periods

Account Data

  • Active accounts: Duration of service relationship
  • Inactive accounts: 3 years after last activity
  • Closed accounts: 5 years for legal compliance

Trading Data

  • Transaction records: 7 years (financial regulations)
  • Market data: 2 years for performance analysis
  • Risk assessments: 5 years (industry standard)

Data Deletion Policy

We automatically delete or anonymize personal data when retention periods expire, unless longer retention is required by law or for legitimate business purposes.

Your Data Protection Rights

Under applicable privacy laws, you have the following rights regarding your personal data:

Right of Access

Request information about what personal data we hold about you and how it's processed.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of processing in certain situations.

Right to Data Portability

Receive your personal data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent for processing based on consent at any time.

Right to Lodge Complaints

File complaints with supervisory authorities about our data processing activities.

International Data Transfers

Your personal data may be transferred to and processed in countries other than your own. We ensure adequate protection for such transfers through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification mechanisms and codes of conduct

Data Transfer Notices: We provide specific information about international transfers in our detailed privacy notices when collecting your data.

Exercise Your Data Rights

To exercise any of your data protection rights or to ask questions about data processing, please contact our Data Protection Officer.

Contact Data Protection TeamEmail DPO Directly