Privacy Policy
Effective Date: June 9, 2025
Last Updated: June 9, 2025
No Personal Data Collection
Calatüré does not collect personal information from visitors to this website. We do not use cookies, analytics, tracking technologies, or any data collection mechanisms on our website.
Email Contact Handling
If you contact us using the email link provided on our website (info@calature.com), your email address will be used solely to respond to your inquiry. We will not share your email address with third parties, use it for marketing purposes, or retain it longer than necessary to address your specific inquiry.
California Resident Rights (CalOPPA/CCPA/CPRA)
For California residents, we provide the following information:
- Right to Know: You have the right to know what personal information we collect about you
- Right to Delete: You have the right to request deletion of your personal information
- Right to Correct: You have the right to correct inaccurate personal information
- Right to Opt-Out: You have the right to opt out of the sale of your personal information
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Do Not Track: Our website does not respond to Do Not Track signals as we do not track users or collect personal information.
European Union Resident Rights (GDPR)
For EU residents, under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Request access to your personal data
- Right of Rectification: Request correction of inaccurate personal data
- Right of Erasure: Request deletion of your personal data
- Right to Data Portability: Request transfer of your data in a structured format
- Right to Restriction: Request restriction of processing of your personal data
- Right to Object: Object to processing of your personal data
- Right to Complain: You have the right to lodge a complaint with your local supervisory facilitator
Legal Basis: When we do process personal data (such as email inquiries), we do so based on legitimate interest to respond to business inquiries.
Energy Sector and Professional Standards
As a Virtual Power Plant consulting company, Calatüré maintains cybersecurity standards appropriate for the energy sector. We are committed to:
- Professional confidentiality for all client interactions
- Compliance with applicable energy sector regulations including FERC and NERC requirements
- Protection of critical infrastructure information and sensitive energy data
- Secure communication protocols for all business interactions
Future Data Collection Framework
We are preparing comprehensive data collection capabilities that will be implemented with full regulatory compliance. When activated, the following features will be available:
Lead Generation and Contact Forms
- Information Collected: Name, email address, company name, phone number, project details, energy consumption data
- California Notice at Collection: Clear disclosure of categories, business purposes, retention periods, and sharing practices at point of collection
- EU Lawful Basis: Legitimate interest for business inquiries, consent for marketing communications
- Consent Mechanisms: Granular opt-in choices for communications, analytics, and third-party sharing (no pre-checked boxes)
- Data Retention: Business inquiries retained for 3 years, marketing consent indefinitely until withdrawn
Analytics and Performance Tracking
- Cookie Categories: Essential (no consent required), Functional, Analytics, Marketing (consent required)
- California Users: Opt-out mechanisms for non-essential cookies with "Do Not Sell" compliance
- EU Users: Consent banner with category selection and easy withdrawal options
- Data Minimization: Anonymized/pseudonymized data collection with automatic deletion after 26 months
- Third-Party Services: Google Analytics 4 (with privacy controls), customer analytics platform
Email Marketing and Communications
- Subscription Types: Technical updates, industry insights, product announcements, VPP sector research
- EU Compliance: Double opt-in confirmation required for all marketing communications
- California Compliance: Clear opt-out in every communication, opt-out preference center
- Automated Processing: Lead scoring and segmentation with human oversight for significant decisions
Consumer and Data Subject Rights Implementation
California Residents (CCPA/CPRA)
- Right to Know: 45-day response with detailed data inventory
- Right to Delete: Secure deletion within 30 days of verification
- Right to Correct: Data rectification within 45 days
- Right to Opt-Out: One-click opt-out for data sharing/selling
- Right to Limit: Sensitive personal information use restrictions
EU Residents (GDPR)
- Access Requests: 30-day response with machine-readable format
- Data Portability: JSON/CSV export of personal data
- Rectification: Real-time correction capabilities
- Erasure: "Right to be forgotten" with audit trail
- Processing Restriction: Temporary data processing suspension
Technical Implementation Specifications
- Consent Management Platform: Jurisdiction-aware consent collection and withdrawal
- Identity Verification: Multi-factor authentication for privacy rights requests
- Automated Response Systems: Self-service privacy rights portal with escalation procedures
- Cross-Border Data Transfers: Standard Contractual Clauses for EU data processing
- Data Processing Agreements: Privacy-compliant vendor contracts for all third-party services
Energy Sector Data Protection
- Critical Infrastructure Information: Enhanced encryption and access controls for energy-related data
- FERC/NERC CIP Alignment: Cybersecurity frameworks integrated into data handling procedures
- Client Confidentiality: Professional privilege protections for VPP consulting communications
- Supply Chain Privacy: Vendor privacy assessments aligned with energy sector security requirements
Implementation Timeline: These capabilities will be activated in phases with 30-day advance notice and full privacy policy updates. All systems will be compliance-tested before deployment.
Regulatory Monitoring: Our compliance framework includes quarterly reviews of California and EU privacy law changes, with proactive policy updates as needed.
Data Security
We implement appropriate security measures to protect any personal information that may be collected in the future, including:
- Secure hosting environment with HTTPS encryption
- Access controls for website administration
- Regular security monitoring and updates
- Vendor security assessments for all third-party services
Contact Information for Privacy Inquiries
For privacy-related questions or to exercise your rights:
- General Privacy Inquiries: privacy@calature.com
- EU Data Protection Contact: privacy@calature.com
- California Consumer Rights: privacy@calature.com
Policy Updates
We review this privacy policy quarterly and will update it as needed to reflect changes in our practices or applicable law. Material changes will be posted on this page with an updated "Last Updated" date.
Regulatory Compliance
This privacy policy is designed to comply with:
- California Online Privacy Protection Act (CalOPPA)
- California Consumer Privacy Act (CCPA/CPRA)
- European Union General Data Protection Regulation (GDPR)
- EU ePrivacy Directive
- Applicable energy sector cybersecurity requirements