PERSONAL DATA PROTECTION POLICY and COOKIE POLICY FOR EV CHARGING SOLUTIONS
I. PERSONAL DATA PROTECTION POLICY
1. PURPOSE
Etrel d.o.o. is the company incorporated under the law of Republic of Slovenija, having its registered seat at Cesta ob Bregu 6, 1291 Škofljica, Slovenia, with registration number: 2360748000 (hereinafter referred to as: “Etrel” or “Controller”) and may act as Data Controller or Data Processor.
ETREL collects and processes Personal Data in the day-to-day operations of its business. This Policy has been implemented to subscribe ETREL’s relevant data privacy principals for the protection of Personal Data during the processing of Personal Data of its customers, contractors and other business partners related to EV Charging Solutions of Etrel.
This Policy applies to all users (operators as defined below, customers of operators) of ETREL’s EV Charging Solutions for charging stations, when ordering products and when Etrel provides services for EV Charging Solutions product and/or for news and organized events (Etrel Newsletter) and/ or when using any of technical support or services offered by Etrel.
Personal data will be handled carefully and in accordance with (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (hereinafter: General Data Protection Regulation, GDPR) and applicable Slovenian data protection law and other legal regulations governing the protection of personal data.
“Personal Data” means any information relating to an individual that can be used to identify that individual
“Operators” for the meaning of this Policy are ETREL’s clients/customers who manage their users (end users) via the back-end OCEAN system and can grant access to ETREL for 2nd and 3rd level of support also by processing the Personal data of their users to ETREL. When ETREL is giving the 2nd and 3rd level of support to Operators, ETREL will have access to certain Personal Data by connecting to the person’s Ocean instance via administrative role and ETREL is acting as the Data Processor.
“User” means any individual where Etrel is acting:
• as Data Collector when Personal Data are collected directly by Etrel under this Policy:
• as the Data Processor when operators’ end- users or operators disclose Etrel the Personal Data of their user to provide the support by Etrel. Generally, Etrel has access to operators’ backend system when offering the 2nd and 3rd level of support and operators grant access to Personal Data of end-users via administrative role. Once the access to operators end users is granted to Etrel, Etrel has access to Personal Data as are: i) basic personal data (first and last name, billing address, telephone number); ii) information about the sessions end user or operator initiate; iii) information about the device (EV Charging Solution) and end users’ browser; iv) identification data of vehicle and type of vehicle.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.1. Contact Information of the Controller
The controller does not have a designated data protection officer. All requests and information regarding personal data can be obtained by sending a request or inquiry to:
• email address: support@etrel.com
• phone number: 01 60 10 075
• address: ETREL, d.o.o., Cesta ob bregu 6, 1291 Škofljica, with the addendum “Personal data protection in relation to users of products EV Charging Solutions”.
3. CATEGORIES OF PERSONAL DATA, LEGAL BASIS, AND PURPOSES OF PROCESSING PERSONAL DATA
In accordance with the General Data Protection Regulation, personal data is any information relating to an identified or identifiable individual. An identifiable individual is one who can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual (hereinafter referred to as “user”).
The controller collects and processes personal data based on consent, contractual relationship, and/or for the purpose of conducting its activities and legitimate interests of the controller.
For the purpose of conducting its advertising activities, the controller is obliged to comply with legal obligations, e.g., based on legislation regulating ETREL’s obligations under the Consumers’ protection law.
Personal data is also collected for the purpose of safeguarding the legitimate interests of the controller or third parties or for protecting the interests of the user, including, among other things, for the detection and prevention of fraud, ensuring the security of information technology and networks.
Personal data is also processed for technical, administrative, and operational reasons in to provide the operators and/or users with content and support and services given to users/operators for EV Charging Solutions products that is most to improve the operation of EV Charging Solutions products or, including its usability, for troubleshooting purposes, data analysis for marketing purposes (including targeted marketing), service and technical support to operators and operators’ end users,
Providing personal data is mandatory for the performance of a contractual relationship or legal obligations. If an individual does not provide personal data, the ETREL will not be able to provide the services it offers or the services under valid contract concluded with user.
When user is connected to Etrel’s backend system and uploads the various Personal Data, Etrel collects and processes personal data provided by the user via Ocean instance, Personal data from users are also collected when user is reporting technical issues with the use of EV Charging Solutions.
The controller does not collect or process special categories (sensitive) of personal data (e.g., information on ethnic origin, political opinions, religious or philosophical beliefs, etc., as defined by the GDPR), except when:
– required by law,
– separately provided by the user based on explicit consent,
– another reason from Article 9 of the General Regulation is fulfilled.
If a user voluntarily provides personal data (including sensitive personal data) through the website or e-mail or app and not at the request of the controller, the controller will delete such personal data from its systems if it considers that the processing of such personal data is not necessary for a lawful purpose; in this case, the controller will only delete the personal data if required by law or if the controller does not wish to retain them.
In other cases where personal data is collected, providing personal data is optional, and the user is not obliged to provide it.
3.1. PROCESSING OF PERSONAL DATA BASED ON CONSENT
3.1.1. Collection of personal data for the purpose of mutual communication
The controller collects and processes personal data if the user has addressed a question to the controller and established contact with the controller, whereby it is considered that the user consents to the provision of personal data. This Policy is also applicable to the Etrel’s operators and customers (including customer’s and operator’s end- users), suppliers and other business partners. Etrel may process Personal Data for the following purposes:
• For marketing communications (such as notifications about new products or information on upgrades of existing products)
• For marketing communications, based on targeted or individualized offers. The use of some personal data helps Etrel to personalized communication with user so that it’s as interesting and useful to user as possible. Based on certain personal data, Etrel can divide individuals into groups, enabling Etrel to tailor the content of messages to each group. Etrel monitors individuals’/user’s activities when categorizing users. Marketing communication with targeted or individual offers will be conducted only with user’s explicit consent.
• Preparing the offer for negotiating the contracts;
• Providing certain information about EV Charging Solutions.
The controller also collects personal data through the web interface if user has wanted to establish contact with the controller on the website or through e-mail and has provided requested personal data for this purpose.
Based on personal consent, the controller can collect and processes the following personal data:
• identity data; name and surname, date of birth,
• street address, postal code, city;
• email address;
• phone number;
• billing address;
• information about the company user works, position within the company user works (role in the company, number of employees);
• information about the user’s device and browser;
• electric vehicle data (manufacturer, model, type, battery capacity);
• information about the session user initiated.
The processing of Personal Data as defined in this 3.1.1. point affects the customers, employee’s business partners’ users, operators’ employees, contact persons (for the payer- company, business partner).
In the event of marketing to prospective customers, as may be conducted by the Etrel or its partners (operators) Etrel will first obtain user’s consent and ensure provisions are made to opt-out of such marketing for any time.
3.2. CATEGORIES OF PERSONAL DATA THAT THE CONTROLLER COLLECTS FOR THE PURPOSE OF PROVIDING SERVICES/PRODUCTS TO USERS
The controller also processes personal data for the purpose of:
➢ fulfilment of the Etrel’s contractual obligations;
➢ provision of after-sale services after the purchase of EV Charging Solutions;
➢ processing support;
➢ processing customer/user’s request;
➢ invoicing and billing management;
➢ executing a contract or pre- contractual measures.
This shall effect of the following groups of individuals:
– Customers;
– Employee’s;
– Payers (if not the same person as customer);
– Business partners/operators’’ users (end users);
– System operators’ employees;
– Contact persons (for the payer – company, operators, other business partners, operator’s end users).
The controller may collect and processes the following category of Personal Data:
• Identity data for invoicing: first name, last name, date of birth, e-mail, language, phone number, country, region, city, zip code, house/apartment number, username, payer ID, payment methods, location, nation ID number, tax ID number, contact ID;
• Data relating to the services/products provided (including metering data), feedback the partner/operators provide, metering related data (including electricity consumption): location, date and time of charging, duration of charging, value charged, pictures, charging station’s location information;
• Data relating to the vehicle data: manufacturer, model, type, battery capacity, driving range.
3.3. COLLECTION AND PROCESSING OF PERSONAL DATA BASED ON LEGITIMATE INTERESTS
The controller collects and processes personal data based on the legitimate interests of the controller in order to improve services, operator’s or customer experience, namely for the following purposes:
➢ statistical analysis of website/app visit;
➢ detection and prevention of fraud, ensuring the security of information technology and network;
➢ ensuring and improving the operation of the website/app and services of the controller;
➢ interacting with user for the customer management purpose;
➢ processing customer’s request;
➢ evaluation of data collected by our products/services.
For the specified purposes, the controller collects and processes the following personal data:
• Identity data: first name, last name, date of birth, e-mail, language, phone number, country, region, city, zip code, house/apartmern number, username, payer ID, payment methods, location, nation ID number, tax ID number, contact ID, IP address, position within the company user works;
• Data relating to the services provided : location pictures, charging station’s location information, date and time of charging, duration of charging, value charged,electricity consumption;
• Data relating to the vehicle data: manufacturer, model, type, battery capacity, driving range.
.
3.4. PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF FULFILLING THE LEGAL OBLIGATIONS OF THE CONTROLLER
The controller collects and processes the user’s personal data based on the legal obligations binding on the controller, namely for the purpose of complying with applicable legislation in the field of Consumer protection rights, fraud, and deceit.
For the stated purposes, the controller collects and processes the following personal data:
• Identity data: first name, last name, date of birth, e-mail, language, phone number, country, region, city, zip code, house/apartment number, username, payer ID, payment methods, location, nation ID number, tax ID number, contact ID;
• Data relating to the services provided (including metering data), feedback the partner provides, metering related data (including electricity consumption): location, date and time of charging, duration of charging, value charged, location pictures, charging station’s location information;
• Data relating to the vehicle data: manufacturer, model, type, battery capacity, driving range.
4. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES, TO THIRD COUNTRIES, OR INTERNATIONAL ORGANIZATIONS
At the controller, a limited number of employees or contractual partners have access to personal data for the purpose of carrying out business processes (employees in marketing departments, marketing, accounting,). These employees or contractual partners are bound by confidentiality obligations regarding the protection of personal data. The controller has established appropriate technical and organizational processes and measures to:
➢ protect the application software used to process personal data,
➢prevent unauthorized access to personal data during their transmission, including transmission via telecommunications means and networks,
➢ ensure an effective method of archiving, destroying, erasing, or anonymizing personal data,
➢ protect premises, hardware, and software,
➢ enable later determination of when individual personal data were processed and by whom, for the period during which the individual data are stored.
The controller may disclose personal data to state authorities and law enforcement authorities if required by applicable law or if necessary to assert the controller’s rights, including the terms of use of the controller or to protect the legitimate interests of the controller in accordance with applicable law.
The controller may disclose personal data to state authorities authorized to conduct various investigations in accordance with applicable law.
The controller also discloses user personal data to third parties, including:
➢ support in the field of IT, security, and business resources (these providers act as processors of personal data, and the controller has signed appropriate data processing agreements with them),
➢ business partners, operators, suppliers, and subcontractors to execute any contract concluded by the controller with the user (these providers act as processors of personal data, and the controller has signed appropriate data processing agreements with them),
➢ Advertisers and advertising networks that need personal data to select and display relevant ads. The controller does not disclose identifiable individual data to advertisers but provides them with aggregate user data (with such aggregate data, advertisers can reach specific types of their target audience. The personal data collected by the controller from the user may be used and disclosed to advertisers, thus targeting their ads to the desired target audience),
➢ Analytics and search engine providers who try to improve and optimize the website/app for the controller.
The controller may, if necessary, share personal data with external consultants (e.g., lawyers, accountants, auditors), who provide appropriate protective measures against any unauthorized disclosure of personal data. The controller endeavours to exercise due diligence in selecting unrelated service providers and requires these service providers to maintain appropriate technical and organizational security measures to protect personal data and to process personal data only in accordance with the controller’s instructions. Service providers may use subcontractors in providing services to the controller, with the subcontractor being required to meet the same data protection requirements as the service provider itself.
If Personal Data may is to be used for a new purpose (other then covered by this Policy) and that purpose is materially different from which Personal Data was originally collected and processed or authorized or if the Personal Data should be disclosed to third party, not specified in valid Policy, Etrel will obtain your prior consent. Requests for opt-ut of such collection of Personal Data should be sent to ETREL on e-mail: support@etrel.com or on address of ETREL – Cesta ob bregu 6, 1291 Škofljica, with the addendum “Personal data protection in relation to users of services/products EV Charging Solutions.
4.1. DATA TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The controller may transfer personal data to third parties, to third countries, or international organizations. An exception is statistical data on website visits and usage, for which Google Analytics and Facebook online platforms are used for sending electronic notifications and informing about news and offers, as well as the controller’s e-publications.
The Google Analytics online platform, in its Terms of Service and Privacy Policy, ensures compliance with the rules of the General Data Protection Regulation (GDPR) and confirms that it has obtained certification of compliance with the EU-U.S. Privacy Shield Framework.
Google Analytics allows users to adjust their data processing settings using the Google Analytics tool. All information about Google’s terms of service and privacy policy is available in Terms of Service and Privacy Policy on Google website.
The use of third parties may involve the transfer of Personal Data across country borders. Also, business processes may require the transfer of Personal Data within the Company internationally.
If Personal Data is processed within the EU/ EEA, and in the event Personal Data is disclosed to third parties or to a country not considered as providing a sufficient level of protection according to applicable law ETREL will ensure, as necessary, that it implements Standard Contractual Clauses (SCC) as approved by the EU Commission or as approved by another Supervisory Authority according to Applicable Law and completes self-certification registration under the EU-US Data Privacy Framework Agreement and takes supplementary measures, such as an adequacy assessment, or adopts a Data Processing Addendum.
For Personal Data not processed within the EU/EEA, and in the event Personal Data are disclosed to third parties located outside the user’s jurisdiction, ETREL will ensure it obtains the required consents, implements necessary safeguards to protect Personal Data, and / or obtains Supervisory Authority approval as may be required. Those mechanisms may differ depending on the country and relevant applicable law.
5. LINKS TO OTHER WEBSITES
The controller’s website may contain links to websites that are not under the control of the controller. By clicking on a third-party link, the user will be redirected to the third-party website. If the user decides to view linked websites, the controller advises reading their privacy notices. The controller is not responsible for the policies and practices of other companies or controllers, as it has no control over them and assumes no responsibility for the content, privacy policies, notices, or practices of third-party websites or services.
6. COOKIES AND SOCIAL MEDIA PLUGINS
Cookies are used to distinguish users of the website with the purpose of providing the user with a good experience while browsing the website and enabling the improvement of the website. This type of processing is based on the user’s personal consent expressed on the website or through settings in the user’s browser. All detailed information about the cookies used by the controller, how long they are used, and for what purposes they are used, is defined in the Cookie Policy, which is published at the bottom of the indomio.si website. Etrel’s cookies policy is defined and disclosed in Chapter II.
The Etrel’s website may include features of social media platforms, such as Facebook, LinkedIn, or YouTube buttons. These features may collect data about the user, such as IP address and the web pages visited by the user and may set a cookie that ensures the proper functioning of the feature.
7. RETENTION PERIOD OF PERSONAL DATA
Personal data of the user obtained based on personal consent are processed until the user revokes their consent.
Processed personal data of the user based on a contract may be retained for up to 10 years after the fulfilment of contractual obligations by both parties.
Processed personal data collected on legitimate interests are retained until the individual’s rights are exercised or as long as the original purpose for which they were collected exists.
The retention period may vary depending on the country where the user resides and on the applicable law.
8. INDIVIDUAL RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
Based on the General Data Protection Regulation and applicable legislation, the user has the following rights:
➢The individual ‘s right of access to their personal data
The user/individual person has the right to obtain confirmation from the controller as to whether or personal data concerning them are being processed and, if so, access to the personal data.
➢ Right to rectification
The user/ individual person has the right to have inaccurate personal data concerning them rectified without undue delay by the controller. Considering the purposes of the processing, the user/individual person has the right to have incomplete personal data completed.
➢ Right to erasure
The user/individual person has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay.
➢ Right to restriction of processing
The user/ individual person has the right to obtain from the controller restriction of processing where the accuracy of the data is contested by the data subject, where the processing is unlawful and the user/individual person opposes the erasure of the personal data and requests the restriction of their use instead, where the user/individual person has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject, or where the controller no longer needs the personal data for the purposes of the processing but they are required by the user/individual person for the establishment, exercise or defence of legal claims.
➢ Right to data portability
The user/ individual person has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
➢ Right to object
The user/individual person has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the legitimate interests pursued by the controller, including profiling.
➢ Automated individual decision-making, including profiling
The user/individual person has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
➢ Right to lodge a complaint with a supervisory authority
The user/ individual person has the right to lodge a complaint concerning the processing of their personal data with the competent supervisory authority, i.e., the Information Commissioner of the Republic of Slovenia.
8.1. Procedure for exercising individual rights
The user/individual person may exercise their rights at any time in accordance with the General Data Protection Regulation. This can be done by sending a request to support@etrel.com to exercise their rights.
II. COOKIE POLICY
9. COOKIES
9.1. What are cookies
Cookies are small text files that most websites store on devices with which users access the Internet. They are designed to recognized individual devices that users used to access a website. Their storage is completely controlled by the user’s web browser. Users can freely restrict or block the storage of cookies. Cookies are not harmful and always expire.
9.2. Why are cookies used
ETREL uses cookies to ensure user-friendly web services, a pleasant user experience, and to track site visits. They are of key importance to ensure user-friendly website services. Thanks to cookies, the interaction between the user and website is easier and simpler. With their help, a website can remember the user’s preferences and experiences, which saves time, and makes for a more effective and user-friendly browsing experience.
Some examples on how cookies are used:
• Improving the user experience of a website by adjusting the way content of the website is displayed based on past visits
• Storing choices, the user made when displaying a selection of devices and offers, and displaying comparisons
• Recognizing your device (computer, tablet, smartphone), which allows us to adjust how the content is displayed to fit the device.
• Tracking visits, which allows us to check how effective the content we display is, to make sure ads are relevant, and to continuously improve our websites.
9.3. Cookie types
9.3.1. Strictly necessary cookies
Necessary cookies enable the use of components necessary for the website/app to function correctly. Without these cookies, the services that you’d like to use on this website wouldn’t work correctly.
9.3.2. Performance cookies
These cookies collect data on how users behave on the website in order to improve the performance component of a website (e.g. which content on our website you visit most often). These cookies do not collect information which could identify the users. They ensure that using the website is a pleasant experience.
9.3.3. Functionality cookies
These cookies enable the website to remember some of user’s settings and choices (e.g. language, region) and enable advanced, personalized functions. These cookies may allow user’s actions on the website to be tracked.
9.3.4. Advertising or targeted cookies
These cookies are most commonly used by advertising and social networks (third parties) with the goal to show user more targeted ads, reduce repetition of ads, or measure the effectiveness of advertising campaigns. These cookies enable user’s actions on the Internet to be tracked.
9.3.5. Controlling cookies
User decides if he/she/it wants to use cookies. User can always delete cookies, thereby removing user’s visibility on the Internet. User can set up most browsers so that they don’t store cookies.
For more information about the options available for each browser, ETREL recommends user to check settings:
• Internet Explorer 9
• Internet Explorer 7 and 8
• Chrome
• Firefox
• Opera
• Safari
Etrel’s website uses cookies which enable us to improve and optimize website, giving user better experience. Cookies are simple text files that some website store on user’s computer through browser, and save some non-personal data.
Using cookies allows Etrel to adapt online content to make it more attractive to individuals. Additionally, Etrel conducts website use analyses which allow Etrel to improve and edit website to make it more user friendly.
Some cookies are strictly necessary, because website couldn’t work without them, whereas user can refuse all other cookies. Etrel uses strictly necessary cookies to store statistical data about the use of website and to store information necessary for contact forms available on website.
In addition to strictly necessary cookies, Etrel uses other cookies that allow Etrel to get to know its users better and to provide user with targeted advertising on the basis of the data collect. Refusing cookies can cause certain content or functions of the website to not function properly (especially features that allow the website to adapt to the interests of the user).
Overview of all cookies: In addition to first-party cookies, Etrel uses the following third-party cookies: Google Analytics, Google AdWords, Display Advertising extension for Google Analytics (all listed cookies by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Hotjar, ActiveCampaign (by ActiveCampaign, LLC, North Dearborn Street, 5th Floor, Chicago, IL 60602), AdRoll (by AdRoll Inc. 972 Mission Street, San Francisco, CA 94103), Facebook Custom Audience in Facebook remarketing (by Facebook Inc, 1 Hacker Way, Menlo Park, CA 9420).
User can refuse all third-party cookies listed above or delete them from browser at any time in way:
• To delete the Google Analytics cookies, set browser to refuse cookies with the domain ‘pum’.
• To delete the Google AdWords cookies, set browser to refuse cookies with the domain “www.etrel.com”.
• To delete the Display Advertising extension for Google Analytics cookies, set browser to refuse cookies with the domain ‘__ar_v4’.
• To delete the Hotjar cookies, set browser to refuse cookies with the domain ‘_hjIncludedInSample’.
• To delete the ActiveCampaign cookies, set browser to refuse cookies with the domain ‘_form_’.
• To delete the AdRoll cookies,
• browser to refuse cookies with the domain ‘_te_’.
• To delete the Facebook Custom Audience and Facebook remarketing cookies, set browser to refuse cookies with the domain ‘facebook’.
Etrel wants to remind users that the service providers listed above may collect certain personal data, which is not connected to the data collection done by Etrel. Any such independent personal data collection is not covered by this Policy, but is covered by the privacy policies of each cookie provider.
User can read more about personal data protection for third-party cookies in the privacy policies of each third-party cookie provider:
• Google – Privacy Policy
• Hotjar – Privacy Policy
• ActiveCampaign – Privacy Policy
• AdRoll – Privacy Policy
• Facebook – Privacy Policy
• MailChimp – Privacy Policy.
Etrel uses certain elements of other providers on its website, namely Facebook, LinkedIn and MailChimp. These providers use cookies that you can refuse in browser. The terms of use for these elements are defined in the security policies of each provider, which user can find in the links listed above.
9.4. Web plugins and access to social networks
Etrel’s website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA), while YouTube is controlled by Google. If user visits Etrel’s website’s content that contains a YouTube plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of user’s visit to our website.
More about how YouTube handles user data can be found on their website.
Etrel also uses social media, such as Facebook and LinkedIn. Facebook and LinkedIn operate in accordance with their own terms of use and policies that govern the handling of user data. Etrel wants to remind users that they are themselves responsible for any posts on social media and that each user is responsible to direct any questions or the exercise of their rights to the appropriate social network.
Etrel assumes no responsibility for any activities related to social media.
10. CHANGES TO THE PRIVACY and COOKIE POLICY AND VALIDITY
The controller may change the cookie and/or privacy policy, and the user will be notified on the website in a manner that requires the user to reaffirm their awareness of the privacy policy.
Škofljica, April 2025
Etrel, d.o.o.
Lovrenc Švegl
Director