Energy Data Sovereignty

For the purposes of this Agreement, "Energy Data" means all data relating to the energy performance, consumption, generation, or efficiency of buildings or systems, including but not limited to:

• Electricity, gas, heating and cooling energy consumption data
• Smart meter and utility meter readings
• IoT sensor and building automation system data
• Building energy models and simulation inputs
• Derived metrics, analytics outputs, and performance indicators
• Time-series datasets and event logs related to energy systems

The Customer retains full ownership and control over all Energy Data.

The Service Provider acknowledges that:

• Energy Data remains the exclusive property of the Customer or its authorized stakeholders
• No transfer of ownership occurs through the use of the Service
• The Service Provider obtains only a limited right to process Energy Data as necessary to deliver the Service

This includes adherence to the principle of data sovereignty, meaning Energy Data is always under the control of the Customer and is not repurposed beyond agreed purposes.

Energy Data shall be used strictly for:

• Measurement and verification of energy performance
• Energy efficiency analysis and benchmarking
• Model training and execution for Customer-specific outputs
• Generation of reports, dashboards, and insights for the Customer

The Service Provider shall not:

• Use Energy Data for unrelated commercial purposes
• Sell, rent, or monetize Energy Data
• Use Energy Data to develop competing datasets or external benchmarks
• Re-identify or profile individuals unless explicitly required for the Service

Where required by applicable law, regulation, or Customer request:

• Energy Data shall be stored and processed within the European Economic Area (EEA)
• Cross-border transfers shall only occur under GDPR-compliant safeguards (e.g., SCCs)
• The Customer may request geographic restriction of storage and processing

The Service Provider shall provide transparency regarding data hosting locations upon request.

The Customer shall have:

• Full access to all Energy Data and derived outputs
• The ability to export Energy Data in structured, machine-readable formats
• The right to delete Energy Data subject to legal retention obligations
• Administrative control over user access within their organization

The Service Provider shall not restrict access to Energy Data except for security or legal compliance reasons.

Unless otherwise agreed:

• The Customer retains rights to all outputs derived specifically from their Energy Data
• This includes energy savings calculations, performance models, and reports
• The Service Provider may retain anonymized and aggregated statistical insights only if:
  • They cannot be linked back to the Customer or any building
  • They are used solely for system improvement

No raw Energy Data shall be used to train generalized models shared across customers unless explicitly opted-in.

The Service Provider shall ensure:

• Strict logical separation between Customer datasets
• Prevention of cross-tenant data leakage
• Access controls enforcing least-privilege principles
• Audit logging of all data access events

Energy Data from different Customers must never be commingled in identifiable form.

The Service Provider shall implement appropriate technical and organizational measures, including:

• Encryption of Energy Data in transit and at rest
• Secure authentication and authorization mechanisms
• Monitoring for unauthorized access or anomalies
• Regular security assessments and updates

The integrity of Energy Data shall be preserved against unauthorized modification or loss.

Where the Customer is part of a public authority, funded project, or research consortium:

• Additional restrictions on data reuse, sharing, or aggregation may apply
• Energy Data shall not be reused outside the project scope without explicit consent
• Compliance with funding program requirements (e.g., EU LIFE, Horizon Europe) shall take precedence

Upon termination of the Service:

• The Customer may request full export of Energy Data
• Energy Data shall be deleted within a reasonable period unless retention is legally required
• Derived outputs shall be returned or deleted as instructed by the Customer

In case of conflict between this Energy Data Sovereignty Clause and other terms:

This Clause shall prevail with respect to Energy Data governance and usage.