PRIVACY NOTICE For Chargemetric APP effective from 06.07.2023 |
---|
This Privacy Notice (“Privacy Notice”) describes the data processing of personal data regarding the “chargemetric” application (“App”) provided by EVESCO Hungary Kft. (registered seat: 2071 Páty, Tölgyfa utca 2/A, registration number: 13-09-224451) under the Terms of Service for the data subject users (“data subjects”) who download the App from App Store or Google Play. |
The Privacy Notice has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). |
1. DATA CONTROLLER |
EVESCO Hungary Kft. acts as the data controller, 2071 Páty, Tölgyfa utca 2/A, e-mail: support@chargemetric.eu (“Data Controller”, “us”) |
2. DATA PROCESSORS |
The following parties act as data processors regarding the data processing under this Privacy Notice. |
Name and data | Provided service | Processed data |
---|---|---|
BlazeArts Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (1096 Budapest, Thaly Kálmán utca 39., Cg. 01-09-389087) | Provider of Aruba Cloud service. Servers are in Italy (https://www.arubacloud.hu/adatvedelem-a-szolgaltatasainkban.aspx). |
Basic and transactional data, data from log submission. |
Smart Charging Korlátolt Felelősségű Társaság (3200 Gyöngyös, Rigó utca 7., Cg. 10-09-037680) | Software developer of the App. | All data under this Privacy Notice. |
Microsoft Ireland Operations Limited (70 Sir Rogerson's Quay, Dublin 2, Ireland, registration number: 256796) | MS Azure cloud service provider where backup data are stored. The MS Azure data centre is located in the West Europe region, physically in Amsterdam (https://azure.microsoft.com/en-us/explore/global-infrastructure/data-residency/#overview). | Data as defined in sections 5.1.-5.3 of this Privacy Notice. |
3. DISCLOSURE OF THE PRIVACY NOTICE |
Data Controller keeps the current version of the Privacy Notice permanently available at its registered seat and in the App, in the “Profile” menu. |
4. PRINCIPLES, DATA SECURITY |
Data Controller reserves the right to amend this Privacy Notice. Data Controller shall inform the data subject of the changes in an appropriate form (e.g. via e-mail). If the details of the data processing also change due to the amendment of the Privacy Notice, Data Controller shall separately request the consent of the data subject. |
Data Controller shall treat the disclosed personal data confidentially, shall take into account the principles of lawfulness, fairness and transparency under the GDPR, and shall treat personal data purpose-bound, with the principle of data minimisation in mind. Data Controller shall also comply with the principle of storage limitation, integrity, confidentiality, and consider the principle of accuracy under the GDPR. |
Data Controller ensures the security of the data, and takes the necessary technical and organizational measures, as well as implements the procedural rules that are needed to enforce the provisions laid down in the GDPR. |
5. PROCESSING OF PERSONAL DATA |
The data subjects provide their own personal data and are therefore the source of the data. |
The provision of data is voluntary, if the data subject does not provide the Data Controller with the data, the data subject cannot register in the App and/or use the App. |
The data is processed electronically. |
Data Controller does not use automated decision-making and does not perform profiling regarding the present data processing. |
5.1 Registration in the App |
To use the App, the data subjects need to register, and create a user account. |
Purpose of the processing | Creating a user profile. |
---|---|
Categories of personal data processed | Name, email address, password. Billing data (country, zip code, town, address). Voluntarily the phone number. |
Data subjects | Persons who wish to register in the App. |
Legal basis | Based on Article 6(1)(a) GDPR, the data subject's consent. |
Data retention period | Until the deletion of the user profile or until the consent is withdrawn. |
Recipients | Data processors specified in this Privacy Notice. |
Data transfer | There is no data transfer to third countries or international organisations. |
5.2 User profile |
After successful registration, the data subject can access their user account via the “Profile” menu. The user can also modify the user data in the App and view charging history. |
Purpose of the processing | Management and storage of user data related to the user account. |
---|---|
Categories of personal data processed | Name, email address, password. Billing data (country, zip code, town, address). Voluntarily the phone number. Charging history. |
Data subjects | Persons who register in the App and create a user account. |
Legal basis | Based on Article 6(1)(a) GDPR, the data subject's consent. |
Data retention period | Until the deletion of the user profile or until the consent is withdrawn. |
Recipients | Data processors specified in this Privacy Notice. |
Data transfer | There is no data transfer to third countries or international organisations. |
5.3 Charging data in the App |
Purpose of the processing | Management and storage of user data related to charging. |
---|---|
Categories of personal data processed | User account data as under section 5.2. and charging transaction data. |
Data subjects | Registered users who initiate charging via the App. |
Legal basis | Based on Article 6(1)(a) GDPR, the data subject's consent. |
Data retention period | Until the deletion of the user profile or until the consent is withdrawn. |
Recipients | Data processors specified in this Privacy Notice. |
Data transfer | There is no data transfer to third countries or international organisations. |
5.4 Enforcement of legal claims |
Purpose of the processing | Enforcement of the Data Controller's legal claims in relation to the legal relationship, including payment notices, litigation and dispute resolution. |
---|---|
Categories of personal data processed | User account data as under section 5.2. and charging transaction data. |
Data subjects | Registered users, or previously registered users |
Legal basis | Based on Article 6(1)(f) GDPR, the legitimate interest of the Data Controller. |
Data retention period | For 5 years after the deletion of the user profile. |
Recipients | The personal data may be disclosed to possible legal representatives of the Data Controller. |
Data transfer | There is no data transfer to third countries or international organisations. |
6. RIGHTS |
Data subject is entitled to exercise the following rights by sending a request to the following e-mail address: support@chargemetric.eu |
6.1 Withdrawal of consent |
You have the right to withdraw your consent to our data processing at any time. If you withdraw your consent for any reason, the processing will cease for the future and your data will be deleted. This also means that you will not be able to use the App as without data processing the use of the App is impossible. |
6.2 Right to access |
You are entitled to get access to your own data. For example, if you want to know which of your personal data is being processed in relation to your user status. |
By requesting information Data Controller provides you with a list of your personal data processed under this Privacy Notice. |
In case you need more copies later on, Data Controller may ask you to pay a reasonable fee for the copies. If your request for information is sent to the Data Controller electronically, the answer will be sent electronically as well, unless you requested otherwise. |
Subject to the data security rules, Data Controller shall only provide information to you if the Data Controller is convinced of the data subject's identity. If the identity is not verified, the Data Controller shall reject the data subject's request for exercise of rights and shall at the same time inform the data subject of the manner of exercising his or her rights. |
6.3 Right to rectification |
You may ask to rectify inaccurate personal data (for example in case of change in your phone number). |
6.4 Right to erasure |
You may request to erase your personal data for example when processing of your personal data is no longer necessary in relation to any purposes for which we collected these data. This is the case if you are no longer use the App and wish to delete your profile. |
We shall not fulfil your request if the storage of your personal data is necessary for compliance with a legal obligation or if the data is necessary to establish, exercise or defend legal claims (for example if those are needed in a legal action). |
6.5 Right to restrict the processing of your personal data |
In principle, when you ask to restrict the processing of your personal data we may store your personal data, but we could not do any other kind of processing operation. |
For example, you may ask us to restrict the processing of your personal data when: |
(a) the accuracy of your personal data is contested while steps are taken to correct or verify the accuracy, (b) the processing is unlawful but you require to restrict the processing instead of erasure, (c) we no longer require the personal data for the purposes for which it was collected, but you need them for the establishment, exercise or defence of your legal claim. |
6.6 Right to data portability |
You have the right to receive your personal data, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without obstruction from the Data Controller. |
6.7 Right to object |
You may object to the processing of your personal data processed under legitimate interest. In case you object to our processing, we cease to process your personal data for the purpose set out in this Privacy Notice. |
6.8 Process of exercising data subject’s rights |
Data Controller shall provide information on what action it took upon a request from the data subject within one month from the date of receipt. Considering the complexity of the request and the number of requests, this one-month period may be extended by a further two months by reasoned information sent to the data subject by the Data Controller within one month of the submission / receipt of the request to the Data Controller. |
7. LEGAL REMEDIES |
If the data subject has the impression that the processing of his/her personal data is not in compliance with the GDPR, the data subject is entitled to send a request to the following e-mail address: support@chargemetric.eu |
You are also entitled to file a complaint with the national Data Protection Authority of your residence: https://edpb.europa.eu/about-edpb/about-edpb/members_en |
In Hungary the supervisory authority is called Nemzeti Adatvédelmi és Információszabadság Hatóság. You may reach the authority at H-1055, Hungary, Budapest, Falk Miksa utca 9-11; postal address: H-1363 Budapest, Pf. 9., or you may contact it via e-mail on ugyfelszolgalat@naih.hu or phone via +36 (1) 391-1400. |
You also have the right to file a lawsuit at court (at the court of your permanent or temporary residence). |