Skip to content

Latest commit

 

History

History
151 lines (80 loc) · 17 KB

en-nrgi-privacy-policy.md

File metadata and controls

151 lines (80 loc) · 17 KB

PRIVACY POLICY

NRGi Elhandel A/S, Dusager 22, 8200 Aarhus N

CVR-no.: 32285759

Email: [email protected]

Overview

  1. Introduction

At NRGi Elhandel A/S, Dusager 22., 8200 Aarhus N, Denmark, CVR-no. 32285759 ("NRGi", "we", "us", "our"), we understand the importance of treating the personal data of our customers, vendors, business partners, visitors to our website and other persons we interact with in a confidential and private manner. Transparency is a fundamental value at NRGi, and NRGi is committed to following the requirements and obligations in relation to data privacy in accordance with applicable law, including the EU General Data Protection Regulation ("GDPR"). Therefore, we have secure and adequate data processing procedures in place.

NRGi is the data controller for the processing of your personal data. This privacy policy will explain how NRGi uses the personal data we collect from you when you use our website, user portals and mobile applications.

When we talk about our "Website" we mean www.NRGi.com and the other sites and applications we own and operate. When we refer to "user portals" and "mobile applications", we mean our product "NRGi".

If you have any question to this Privacy Policy or you wish to exercise your data subject rights pursuant to Chapter III of the GDPR and according to section 7 of this Privacy Policy, please contact NRGi on [email protected]

  1. Categories of personal data, purpose, and legal basis

2.1 Visitors on our Website, user portals, and/or mobile applications, and newsletter recipients

When you visit our Website, user portals, and/or mobile applications NRGi will process personal data about you, for instance, cookies, browser type and version, IP-address, and length of visit. The purpose of using cookies is, i.a., to improve your user experience on our Website, user portals, and/or mobile applications to provide functionality, to generate statistics, to target the marketing of our products to your needs, and to remember your preferences.

The legitimate interests pursued are to provide you with products and services that work optimally, a good website experience and marketing activities. The legal basis for the processing of your personal data is Art. 6(1)(f) of the GDPR. In certain cases, the legal basis for the processing of your personal data in this regard is your consent, which you will be asked to give when you visit the Website, user portals, and/or mobile applications, cf. Art. 6(1)(a) of the GDPR. You may find more information about our use of cookies in the cookie policy when entering our Website.

If you wish to receive a newsletter or book a demo, we also process the following information about you: name and surname, subject(s) of interest and your email address in order to tailor the content of and to send our newsletters to you. The legal basis for the processing of your personal data in this respect is our legitimate interests in branding our products and business and the relevant marketing material that you have requested, cf. Art. 6(1)(f) of the GDPR. You may at any time with future effect unsubscribe to receiving our newsletter. To declare that you wish to unsubscribe, you may use the respective link included in all newsletters or send an email to [email protected].

2.2 Customers

When you register your profile, NRGi will process personal data about you, including your name, email address, telephone number, your postal address, bank and payment information, and information on the services purchased. The purpose of the processing of your personal data is to supply you with our services.

When you use our services, NRGi will further process information related to date and time, frequency, location, and pattern of EV charging. Information related to purchases include name, contact details, address, cost, and transaction details. We use Stripe as a third party credit card payment processing company to collect payment information. If you submit payment information, we will share with Stripe information such as your debit/credit card number, billing address, phone number, and installed application information in order to process payments. In such circumstances, the third-party provider, and not NRGi, stores your payment information on our behalf acting as a data processor, and in order to process payments to your Wallet inside of the application, they process information about your phone number and installed application information.

The legal basis for the processing of your personal data in that regard is Art. 6(1)(b) of the GDPR. This is either because the processing is necessary for the performance of a contract to which you are a party or because it is necessary in order to take steps at the request of you prior to entering into a contract.

2.3 Contact persons at a vendor or another business partner

As a contact person at a vendor or another business partner, NRGi processes your personal data when you communicate with NRGi, e.g., via emails in connection with NRGi's existing contractual relation with the company you are employed with or in connection with the conclusion or termination of a contract. NRGi processes ordinary personal data about you, including your name, email address, telephone number, position, etc.

The legal basis for such processing of your personal data is that the processing is necessary for the purposes of legitimate interests pursued by NRGi. NRGi's legitimate interests are fulfilment of our contractual obligations, maintaining and enhancing business relationships, invoicing for the services your company provides to NRGi and/or vice versa, communicating with you if you have any questions related to our services or vice versa, and for documentation purposes in the event you agree on matters relating to our services in writing via email. The legal basis for the processing of your personal data is Art. 6(1)(f) of the GDPR.

In some cases, processing of personal data is necessary in order to comply with a legal obligation to which NRGi is subject, for instance in relation to the obligation on the preservation of accounting records pursuant to the Danish Bookkeeping Act. In such case, the legal basis for the processing is Art. 6(1)(c) of the GDPR.

2.4 Inquiries via chat function in our user portals and mobile applications

If you submit an inquiry relating to NRGi's services via NRGi's chat function, NRGi will process personal data about you e.g., your IP-address, geographic location, and the personal data you include in your inquiry, e.g., name, email address and telephone number. NRGi will not process special categories of personal data (sensitive personal data) about you, unless you have provided us with such information, e.g., through the chat function. NRGi kindly encourages you not to send such sensitive personal data.

The legitimate interests pursued are to provide customer support by answering the inquiries and business development. The legal basis for the processing of your personal data is Art. 6(1)(f) of the GDPR.

  1. Recipients of your personal data

Where relevant, NRGi may disclose or transfer your personal data to affiliates of NRGi, business partners or other collaborators for business purposes. Such third parties also include social media providers, as described in section 6 below.

In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of NRGi's legal claims, NRGi may disclose your personal data to its advisers or other relevant third parties provided it is deemed necessary and lawful.

NRGi uses third-party service providers, such as managed hosting providers, credit card processors, and technology partners to provide the software, networking, marketing, logistics, infrastructure, and other services required to operate, develop, deliver, and maintain our product and services, and fulfil our other purposes as defined in this Privacy Policy. When a third-party processes personal data on our behalf, the processing is in accordance with documented instructions given by NRGi and further terms and conditions stated in a data processor agreement entered with NRGi. These data processors are not permitted to process your personal data for their own purposes. NRGi ensures that the processing is conducted safely and in accordance with all applicable privacy laws, with includes but is not limited to the GDPR.

  1. Transfer of your personal data to a third country (outside of eu/eea)

In certain cases, your personal data may be transferred to countries outside of the EU/EEA. NRGi ensures that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of the EU/EEA that will receive your personal data will ensure an adequate level of protection, for example, by entering into the EU standard contractual clauses ("SCCs") with NRGi. NRGi will ensure the implementation of supplementary safeguards if deemed necessary in the specific case. You may receive a copy of the legal basis for transfers upon request. Please contact [email protected].

  1. Storage of your personal data

NRGi will only store your personal data as long as it is deemed necessary to fulfil the purposes for the processing of your personal data. NRGi maintains industry standard security safeguards to protect your data. We encrypt data in transit and at rest, where appropriate, to ensure that your information is kept private.

NRGi securely stores your data on our secure (password- and firewall-protected) servers. All payment information is fully encrypted and handled only by PCI certified organizations. You acknowledge that the transmission of information over the internet is inherently insecure, and NRGi cannot guarantee the security of data sent over the internet. Emails sent via the internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

Access controls are in place to limit access to your information to those who need it to perform their jobs. For example, information about you may be provided to our customer support team to help you with your requests.

5.1 Visitors on our Website, user portals, and/or mobile applications, and newsletters recipients

Personal data related to your newsletter account is stored until you withdraw your consent and no longer wish to receive newsletters from us.

Personal data collected via cookies through use of our Website, user portals, and/or mobile applications are stored for different periods depending on the type and purpose of the cookie in question.

Personal data collected in relation to the use of social media will be erased when the content is deleted or when you withdraw your response to our content (likes, sharing, etc.). See more in section 6 below.

5.2 Customers

Personal data about customers are generally deleted when they are no longer necessary for the purpose of collection. Personal data is deleted 3 years after termination of the contractual relationship between NRGi and the customer, if it is assessed that continued storage is not necessary for documentation purposes. If storage is not necessary for documentation purposes, the personal data will be deleted upon termination of the contractual relationship.

5.3 Contact person at a vendor or another business partner

If you are a contact person at a vendor or another business partner, NRGi will store personal data about you as long as NRGi communicates with you because you are NRGi's point of contact, 3 years after termination of the contractual relationship, or until it is no longer necessary for the establishment, exercise, or defence of a legal claim.

5.4 Inquiries via chat function in our user portals and mobile applications

The inquiries from potential customers will be deleted 3 years after the inquiry is resolved, unless it is deemed necessary to store such inquiries for documentation purposes e.g., due to a dispute, including for the establishment, exercise or defence of legal claims.

The inquiries from existing customers will be deleted 3 years from the termination of the contractual relationship, unless it is deemed necessary to store such inquiries for documentation purposes e.g., due to a dispute, including for the establishment, exercise, or defence of a legal claim.

5.5 Bookkeeping material

NRGi will store your personal data to the extent it is necessary for bookkeeping purposes such as personal data related to invoicing. Such personal data will be stored for a period of 5 years from the end of the financial year to which the accounting records relate. The purpose is to comply with the legal obligation pursuant to the Danish Bookkeeping Act.

  1. Social media

Our Website use social media plug-ins ("plug-ins") from the social networking sites Facebook, Instagram, LinkedIn. When you visit our social media sites on Facebook, Instagram and LinkedIn or our Website where social media plugins have been installed, our social media service providers collect and process your personal data using cookies, subject to your consent to the service provider, as applicable. Such collection and processing take place even if you have no account on the social media.

If you access our Website using such a plug-in, your browser will contact the server of the underlying social networking site, load the visual presentation of the plug-in, and present it to you. While this is happening, the social networking site receives information concerning your visit to our website, as well as further data such as your IP address. NRGi receives anonymous demographic and geographic statistics from the social media on the visitors on our Website and our social media sites.

NRGi is joint data controller with our social media providers for personal data collected and processed in connection with your visit to our social media sites and our Website. It means, among other things, that you may contact both NRGi and the social media providers to exercise your rights under the GDPR. Facebook, Instagram, and LinkedIn have primary responsibility for ensuring compliance with the GDPR and responding to requests from visitors on Facebook, Instagram, and LinkedIn. If you are registered as user of Facebook, Instagram and/or LinkedIn, you may exercise your rights via your account settings on Facebook, Instagram and/or LinkedIn.

We have no influence on the amount of data that social networking sites collect via an active plug-in. For more information, please consult the relevant data privacy notice:

Facebook: www.facebook.com/policy Instagram: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0 LinkedIn: https://www.linkedin.com/legal/privacy-policy

  1. Your rights

NRGi has implemented several measures to protect your personal data and ensure your rights. As a data subject, you can exercise the rights listed below.

The Danish Data Protection Agency has prepared guidelines regarding the data subjects’ rights available on the agency's website.

As a data subject you have the following specific rights, unless otherwise exceptionally provided by the data protection legislation:

Right of access Right of rectification Right of erasure ("right to be forgotten") Right to restriction of processing Right to data portability Right to object

7.1 Right to complain to the Data Protection Agency

If you disagree with the way in which NRGi processes your personal data, you may file a complaint with the Data Protection Agency, using the contact details that are available at www.datatilsynet.dk. However, we hope that you will contact us first, using the below contact details, so that we may reach agreement.

7.2 Right to withdraw a former consent

If the processing of your personal data is based on your consent, cf. Art. 6(1)(a) of the GDPR, you have the right to withdraw your consent at any time. Please note that your withdrawal does not affect the lawfulness of the previous processing of your personal data which until your withdrawal has been based on your consent.

If you wish to exercise any of the above-mentioned rights, or if you wish to withdraw a former consent, you are welcome to contact us at [email protected].

  1. Questions or complaints

If you have any questions relating to this Privacy Policy, you wish to exercise your rights as mentioned above, or you disagree with the way NRGi processes your personal data, you can contact NRGi at [email protected].

You can also file a complaint to the relevant data protection supervisory authority, which is an independent public authority that, inter alia, is responsible for monitoring and enforcing the application of the GDPR. In Denmark, the relevant authority is the Danish Data Protection Agency. The Danish Data Protection Agency's contact information is available on its website: www.datatilsynet.dk.

  1. Amendments to this privacy policy

NRGi has the right to modify this Privacy Policy regarding new technologies, regulatory requirements, or other purposes. For this reason, please visit this page periodically. Below is highlighted the date when the last version of this Privacy Policy has been uploaded.

Date of the most recent version of this Privacy Policy: 16 January 2024.