Privacy policy

1. Privacy Statement

By accessing https://www.jao.eu (“the Website”) or our service desk through https://servicedesk.jao.eu, you agree to this Privacy Policy which is part of our General Terms and Conditions for the Use of the JAO Website Please read those terms carefully as well.

Joint Allocation Office S.A. (“JAO”) is a service company that facilitates the electricity market by organizing auctions for cross border transmission capacity. On the 1st of October 2018, JAO became the Single Allocation Platform (SAP) for all European Transmission System Operators (TSOs) that operate in accordance to the EU legislation on forward capacity allocation, since it is able to implement and fulfil all regulatory obligations and requirements. 

JAO is committed to treat personal data with utmost care and confidentiality. You share these personal data with us when you register as a market participant, sign a contract with us, fill any form in the course of our business relationship, use our Website, use our service desk platforms or contact us by email or post. 

Here is a summary of what you can expect to find in our Privacy Policy, which covers the Website and/or any of our service desks as detailed above as in this Privacy Policy we intend to share with you how we treat your personal data:

  • What personal data do we collect?
  • What do we do with your personal data and who we share it with?
  • How do we keep it secure?
  • What are your rights as a data subject?
  • How long do we store your personal data?
  • A. What personal data do we collect

    • Identification Data: this includes your name, signature, your email address, your address, date of birth, place of birth, nationality and IP address when you visit our Website.
    • Transaction and Financial Data: this includes bank details, social security details, auction bid details, and invoices.
    • Online Data: aside from the identification data collected when you visit, we will also collect the time and date of the visit.
    • Contact Information: we collect company contact information that could include some personal data to enable us to contact you and for survey purposes or even sending operational messages.
  • B. What do we do with your personal data and who we share it with?

    We collect personal data as we need them to properly verify your identity, carryout due diligence procedures, on-board you on the auction platform and allow you to trade on the auction platform.

    The personal data will be used to create and maintain a user access for your business account. 

    The personal data will also be shared with our banking partner as they will create the access to a bank account and could also be shared with any regulatory authority who JAO is legally bound by or obliged to disclose such personal data.

  • C. When you use our Website

    When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the Website to function.

    Some of the cookies we use are strictly necessary for our Website to function, and we do not ask for your consent to place these on your computer. These cookies are shown below.

    Cookie Name

    Purpose

    .ASPXAUTH

    This cookie is used to determine if the identity of a user is verified; strictly applies to users who log in on the website.

    .ASPXROLES

    This cookie is set when a visitor logs in to a protected area of a site, and is used to define the roles or permissions attributed to the user. 

  • D. Use of our service desk platforms

    Upon registration for the use of any our service desk platforms as detailed in 1., we collect your personal data which may include identification data such as your name and email address. This data is used to identify each user and create a user profile.

    The service desk platforms allow users to create tickets, share information and upload documents and display certain content (the“Comments”). Comments made are seen by active users within your company and internally by JAO.

    For service desk platform underhttps://servicedesk.jao.eu; the tickets created can only be shared within your company.

    We retain these information and they continue to be linked to the user account that created them unless an application is made for the removal of the user then it is anonymized in accordance with  European General Data Protection Regulation  (EU) 2016/679(GDPR)principles.

    We also store the Comments and information you share on these platforms.

  • E. Websites of third parties

    This Privacy Policy is not applicable to websites of third parties that can be visited through links on this Website.

  • F. How do we keep it secure

    Your personal data is classified as strictly confidential in JAO and it is only accessible to authorized staff. We operate a robust internal security framework to ensure that we keep personal data safe. We periodically assess our cyber security framework to ensure that they are up to date with our industry standard and applicable regulations.

  • G. How long we keep your personal data

    The law only requires us to keep your personal data for as long as it is still necessary for the reason we require it. After this we delete the personal data.

  • H. Your rights as a data subject

    By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

    If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data will be erased.

    You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully. 

    Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling.

    To submit a request regarding your personal data by email or post, please use the contact information provided at the bottom of this policy.

2. Updates to the Privacy Policy

We regularly review and, if appropriate, update our Privacy Policy from time to time as our services and use of personal data evolves. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

3. How to contact us

If you have any questions about this Privacy Policy and/or about JAO S.A. is handling your personal data, please feel free to contact us via the email GDPR@jao.eu or posted to:

Compliance and Data Officer
JAO S.A.
2 rue de Bitbourg, L – 1273
Luxembourg