Privacy Policy

1. General information on data processing

This Privacy Policy (“Policy”) explains how your information is collected, used, and disclosed by Netiqs Ltd (“Netiqs”/”we”/”us”/ “our”) in connection with the use of our Netiqs app. This Policy applies where we are acting as a Data Controller, where we determine the purposes and means of the processing of the personal data in accordance with the requirements of the General Data Protection Regulation (“GDPR”). Processing activities that are not covered by this data protection declaration may be supplemented by further data protection declarations that must be observed separately.

The General Data Protection Regulation (GDPR) describes how organizations must collect, handle, process, and store personal information. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by the following key principles of data protection:

Processed lawfully, fairly and in a transparent manner.
Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accurate and kept up to date. Every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay.
Kept for no longer than is necessary for the purposes for which the personal data is processed.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Not transferred to other countries, unless that country or territory also ensures an adequate level of protection.

We take these responsibilities seriously and this document describes our approach to data protection.

This policy helps to protect us from data security risks, including:

Breaches of confidentiality. For instance, information being given out inappropriately.
Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
Reputational damage. For instance, the company could suffer reputational loss if unauthorized users successfully gained access to sensitive data.
Any other risks related to the collection, storage, or processing of your data.

1.1 Controller

The Data Controller of your personal data is:

Netiqs Ltd (“Netiqs “/”we”/”us”)
One Lyric Square, London W6 0NB
United Kingdom
privacy@netiqs.com

Netiqs Ltd is a European climate tech company, dedicated to changing lifestyles towards sustainability by adapting behavioral economics. Netiqs ‘s mission is to create a fast, fun, enjoyable and seamless transition to e-mobility, improved sustainable and efficient consumption and personalisation of professional commuting and travel with electric vehicles.

Headquartered in London with Central European Operations based in The Netherlands, the DACH region is the first market to launch in the European expansion plans. The mission of the company is to lower carbon emissions by accelerating the switch to electric vehicles and clean energy.

The mobile Netiqs App developed by Netiqs Ltd is designed to simplify and optimize the charging of electric vehicles and to reward sustainable driving.

The company is registered in the United Kingdom and is registered with the Information Commissioner’s Office.

1.2 Who this privacy policy applies to

This policy relates to the users of the mobile application Netiqs App. Processing of your data is required in order for you to be able to use the application, and so that we can offer you our services. It applies to all data that the company holds relating to identifiable individuals. The categories of personal data that are being processed are separately stated for each processing activity further below in this Privacy Policy.

We do not routinely collect or process sensitive data about you. However, where this is the case, we will ensure we take appropriate precautions to protect your data.

1.3 Our Article 27 Representative

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England
BN1 1EB

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd.

Adam Brogden contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2, 12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

1.4 Data subject rights and supervisory authority

In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data. Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

Right to information

You can at any time request to be informed about what personal data is being processed and the purpose for such processing.

Right to access

You can request Netiqs to provide you with access to your personal data that is being processed. This request allows you to see or view your own personal data, as well as to request copies of the personal data.

Right to rectification

You can ask for an update of your personal data in case you believe that your personal data is not up to date or accurate.

Right to withdraw consent

You have the right to withdraw your previously given consent for processing of your personal data for a specific purpose. The request requires Netiqs to stop the processing of the personal data that was based on the consent provided earlier. The data subject can withdraw the consent in the same manner that was given, or by submitting a request at privacy@netiqs.com.

Right to object

You have the right to object to the processing of your personal data at any time. This effectively means that you can stop or prevent us from using your data.

Right to restriction of processing

You have the right to ask for restriction of processing of your personal data by us as a data controller. Where processing of your data is restricted, it can be stored by Netiqs, but most other processing actions, such as deletion, rectification etc. will require your permission.

Right to object to automated processing

We do not undertake activities that imply automated personal data processing. If a need for this type of processing appears in future, we will provide you with the ability to object to a decision based on automated processing.

Right to be forgotten

Also known as the right to erasure, provides you with the ability to ask for the deletion of your data. We respect your right but also note that this is not an absolute right and depends on the legal basis of the processing and retention period in line with other applicable laws.

Right for data portability

We provide you with the ability to ask for transfer of your personal data. As part of such a request, you may ask for your personal data to be provided back to you or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.

To exercise your rights, you can contact us by email at privacy@netiqs.com, or through our appointed Data Protection Officer:

Adam Brogden
GDPRLocal Ltd
1st Floor Front Suite 27-29 North Street, Brighton England BN1 1EB
dpo.support@gdprlocal.com
+441 772 217 800

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

You may at any time pursuant to Art. 77 GDPR in conjunction with. § 19 BDSG file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.

1.5 Processing of data, purpose, and legal basis

We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

The purpose of the processing is to ensure use of the mobile application functionalities and deliver continuous upgrades to its performance.

The legal basis of all our processing activities is based on Art. 6 (1) GDPR, more specifically your personal data are being processed based on the contract (Terms of Use) and your consent for the use of our application. You will receive further information in the context of the presentation of the individual processing activities.

1.6 Storage duration

We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g. § 257 HGB, 147 AO). Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.

1.7 Recipient of the data

We use various service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR.

1.8 Transfer to third countries

Within the scope of using our services, your personal data may be transferred to the USA. In this regard, the service provider has undertaken to provide sufficient guarantees in accordance with Art. 44 et seq. GDPR and has concluded the standard contractual clauses approved by the EU Commission.

If we process your data in the United Kingdom, this is done on the basis of an adequacy decision of the EU Commission.

1.9 No obligation to provide data/no profiling

There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for automated individual decision making including profiling. In order for the consumer to receive better customer experience in some cases the profiling is done, but the consumer chooses which data they want to share with us. Your personal data will not be used for automated individual decision-making.

1.10 Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where required under GDPR we will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Our application may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our application, we encourage you to read the privacy notice of every website you visit.

2. Netiqs App – Processing activities and categories of personal data

2.1 User profile and provision of the app

Nature and purpose of data processing:

In order to use the app, it is necessary to create a user profile. The following personal data is collected and stored as part of the user profile:

Title, name, email address, phone number, address.

In addition, when providing our app by connecting to our servers, a UserID and system logs are processed.

Legal basis:

The processing is carried out pursuant to Art. 6 (1) lit. b GDPR on the basis of the terms of use for the app services that apply between you and us and on the basis of your consent.

Recipient:

Recipients of the data are technical service providers. As so-called order processors, the service providers are obliged to process the data only within the scope of our instructions and on the basis of an order processing contract in accordance with Art. 28 GDPR.

Retention period:

The data is kept as long as the user profile exists and/or the user account is active. For more details refer to section 1.6. of this Privacy Policy.

2.2 Route planning and navigation

Nature and purpose of the processing:

As part of our route planning and navigation services, you can create route plans and have them navigated by external applications (e.g. Apple Maps or Google Maps). In addition, available charging stations and other points of interest (“POI”) such as restaurants or cafés are displayed based on the route plans created.

For the creation of a route plan, the geo-coordinates of the place of departure and arrival are processed.

Legal basis:

The processing is carried out pursuant to Art. 6 (1) lit. b GDPR on the basis of the terms of use for the app services that apply between you and us and on the basis of your consent.

Recipient:

In addition, geo-coordinates are transmitted to the map service selected by you. The processing by the map service is carried out by the map service as the responsible party on its own legal basis.

Retention period:

The data is kept as long as the user profile exists and/or the user account is active. For more details refer to section 1.6. of this Privacy Policy.

2.3 Payment function

Nature and purpose of the processing:

As part of our service, the payment process for charging your vehicle can be carried out. During the payment process, we process your name as well as data about your charge (information about the charging station, date, time, amount) and payment method, e.g. credit card number, expiration date and security number. Your data is encrypted using a token before it is transmitted to our payment service providers.

Legal basis:

The processing is carried out pursuant to Art. 6 (1) lit. b GDPR on the basis of the terms of use for the app services that apply between you and us and on the basis of your consent.

Recipient:

The recipient of the data is a service provider. As a so-called order processor, the service provider is obliged to process the data only within the scope of our instructions and on the basis of an order processing contract in accordance with Art. 28 GDPR.

Transfer to third countries:

Within the scope of using the service provider, your personal data may be transferred to the USA. In this regard, the service provider has undertaken to provide sufficient guarantees in accordance with Art. 44 et seq. GDPR and has concluded the standard contractual clauses approved by the EU Commission.

Retention period:

The data will be kept for as long as it is necessary for the payment process and must be kept in accordance with the applicable tax laws.

2.4 Personalized offers

Nature and purpose of the processing:

When using the app, you have the option of receiving notifications about special offers or promotions from cooperation partners that are tailored to your profile, location and vehicle. Both profile and usage data are used for this purpose.

Legal basis:

The processing for the above purposes is based on your consent.

Recipient:

Transfer to third countries:

Retention period:

The data processing will take place until you revoke your consent.

2.5 Crash analysis

Nature and purpose of data processing:

To ensure that you can use our app without errors, your data is processed when you use the app in order to prevent or eliminate future crashes or errors in the app. For this purpose, we process your device information such as the timestamp of the crash, the full version number of the app, the name and version number of the operating system of the device and the network operator.

Legal basis:

The processing is carried out pursuant to Art. 6 (1) lit. f GDPR based on our legitimate interest in providing you with a functional app and a smooth service.

Recipient:

3. Google Services / Apple Services

The Netiqs app can be downloaded and installed free of charge via the Apple App Store or the Google Play Store.. For more details regarding the use of their services please refer to the following documentation:

4. Changes to the privacy policy

We reserve the right to adjust this privacy policy at any time. The current version of the privacy policy applies.