1. INTRODUCTION

This Privacy Statement provides information on processing of personal data by GreenFlux Assets B.V., hereafter GreenFlux, we or us.

In this Privacy Statement we describe who we are, how, when and for which purposes we process your personal data, how you can exercise your privacy rights and all other information that may be relevant to you. This Privacy Statement may be changed over time. The most up-to-date Privacy Statement is published on www.greenflux.com/privacy.

This Privacy Statement applies since November 6th, 2018. The last modifications to this Privacy Statement were made on December 17th, 2018.

2. WHEN DOES THIS PRIVACY STATEMENT APPLY?

GreenFlux processes personal data for the purposes as indicated in this Privacy Statement. Those personal data depend on the service provided by GreenFlux, be it as Charge Point Operator (CPO) or Electro Mobility Service Provider (EMSP). For more information on these services and to understand which service(s) GreenFlux delivers to you, please see www.greenflux.nl/producten.

This is the Privacy Statement for customer and/or client data, in so far as this data is personal data processed within the Charge Point Operator (CPO) and Electro Mobility Service Provider (EMSP) environment. This Privacy Statement does not address the processing of personal data of individuals by GreenFlux outside of those environments.

3. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

GreenFlux Assets B.V. is the controller of the processing of all personal data that fall within the scope of this Privacy Statement. This Privacy Statement indicates what personal data are processed by GreenFlux and for what purposes, and to which persons or entities, that data may be shared.

GreenFlux may share your personal data with external parties insofar as this is indicated in this Privacy Statement.

4. WHICH CATEGORIES OF PERSONAL DATA DO WE PROCESS ABOUT YOU?

For the services Charge Point Operator (CPO) and Electro Mobility Service Provider (EMSP), the following categories of personal data are processed:

• Contact details (such as name, address, telephone number, email address)
• Billing details (such as bank account number)
• Vehicle details (such as type, color, license plate)
• Photographs (such as photographs of car parking area)
• Transaction details (such as technical charging information, location information)

5. HOW DO WE COLLECT YOUR PERSONAL DATA?

GreenFlux collects your personal data directly from you apart from the following two situations:

• When you purchase a vehicle through one of our partners we may receive your personal data from those partners after they have received your consent for doing so;
• When you make use of the GreenFlux charging network and you are not a customer with us, we may receive your personal data from other Charge Point Operators.

6. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

The following scenarios set out when and for which purposes GreenFlux processes your personal data.

6.1 When you use our products and/or services

a) To register you as a user of our products and/or services, administrate your account and to ensure the confidentiality and security of your account

For you to be able to make use of our products and/or services we will enter your personal data into our systems in order for you to make use of them. We will also administrate your account and ensure that the information on your account is confidential and adequately secured. For this purpose, we process the following personal data categories:

• Contact details (such as name, address, telephone number, email address)
• Billing details (such as bank account number)
• Vehicle details (such as type, color, license plate)

This purpose has a legal basis under Article 6 (1)(b) and (f) GDPR, processing is necessary for the performance of contract and for the purposes of a legitimate interest pursued by GreenFlux.
GreenFlux has a legitimate interest to process your personal data to make sure your account details remain confidential and secure.

b) To deliver to you our products and/or services, their functionalities and for their technical, functional and operational management

If you use our product and/or service, we process personal data to offer you our products and/or services, their functionalities and to allow our product administrators to manage our product’s and/or service’s performance. We also process your personal data in order to provide you with necessary service and maintenance of our products and/or service. For this purpose, we process the personal data that is generated by your use of our products and/or services.

We process the following personal data categories:

• Contact details (such as name, address, telephone number, email address)
• Vehicle details (such as type, colour, license plate)
• Photographs (such as photographs of car parking area)
• Transaction details (such as technical charging information, location information)

This purpose has a legal basis under Article 6 (1)(b) GDPR, processing is necessary for the performance of contract.

c) For the development and improvement of our products and/or services

We process your personal data in order to assess, analyse and improve our products and (customer) services. We use aggregated personal data to analyse customer accounts and to adjust our products and services accordingly. When you use our products and/or services, we also process your personal data to compile analytics reports for internal development purposes.
For this purpose, we process the following personal data categories about you:

• Contact details (such as name, address, telephone number, email address)
• Transaction details (such as technical charging information, location information)

This purpose has a legal basis under Article 6 (1)(f) GDPR, processing is necessary for the purposes of a legitimate interest pursued by GreenFlux. GreenFlux has a legitimate interest to process aggregated personal data to improve our products and (customer) services.

6.2 When you do business with us

a) For business execution and internal management

We process your personal data in the performance and organisation of our business. This includes general management, order management and management of our assets. We may conduct audits
and investigations, implement business controls, and manage and use customer directories. Also, we process your personal data for billing, finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution. For this purpose, we process the following personal data categories about you:

• Contact details (such as name, address, telephone number, email address)
• Billing details (such as bank account number)

This purpose has a legal basis under Article 6 (1)(b) and (f) GDPR, processing is necessary for the performance of contract and for the purposes of a legitimate interest pursued by GreenFlux.
GreenFlux has a legitimate interest to process your personal data to manage and organize our business, including the implementation of business controls and conducting audits and  investigations.

6.3 When you interact with us

a) To communicate with you (online and offline)

If you get in touch with us via our contact details or via our website, we will use your personal data in order to reply and answer your question. For this purpose, we process your name, contact details, your correspondence with us, your question and all other personal data which are provided by you or necessary to answer your question. This purpose has a legal basis under Article 6 (1)(f) GDPR, processing is necessary for the purposes of a legitimate interest pursued by GreenFlux. GreenFlux has a legitimate interest to process your personal data to be able to communicate with you.

b) To comply with the law

In some cases, we process your personal data to comply with applicable laws and regulations. This could, for example, be the case where tax or business conduct related obligations apply. Also, in order to comply with relevant laws and regulations, we may need to disclose your personal data as a consequence of a request of a regulatory agency or supervisory authority. For this purpose, we may process the following personal data categories about you:

• Contact details (such as name, address, telephone number, email address)
• Billing details (such as bank account number)
• Vehicle details (such as type, color, license plate)
• Transaction details (such as technical charging information, location information)

This purpose has a legal basis under Article 6 (1)(c) GDPR, processing is necessary for the compliance with a legal obligation.

7. WHO HAS ACCESS TO YOUR PERSONAL DATA?

7.1 Access to your personal data within GreenFlux

We ensure that your personal data is only shared internally to the extent necessary to serve the purposes set out in this Privacy Statement. Our employees are aware of the need to respect your privacy and are authorized only to access personal data when it is necessary for them to carry out their respective functions.

7.2 Access to your personal data by external parties

The following categories of external parties may have access to personal data, only if relevant, for the
provisioning of their products or services to us:

• Business partners of GreenFlux (to register you as a user of and to deliver to you our products and/or services)
• Charging point manufacturers (to provide for service and maintenance of our products and/or services)
• IT partners (to provide technical and operational maintenance)
• Telecom providers (to provide for online telecommunications between charging points and data centres)
• Cloud providers (to provide storage for data processed by GreenFlux)

When external parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only used by those
external parties to the extent that such use is necessary for the purposes set out in this Privacy Statement. The external parties may only access your personal data in accordance with contractual
obligations with GreenFlux and applicable law.

If your personal data are transferred to a recipient in a country outside of the European Economic Area (EEA) that does not provide an adequate level of protection for personal data, we will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients. In other cases, your personal data will not be supplied to external parties, except where required or permitted by law.

7.3 The use of your personal data by data processors

When an external party processes your personal data solely following GreenFlux’ instructions, it acts as a data processor. Prior to interacting with such data processors, we enter into a data processing agreement with them for the processing of personal data. In this agreement we include obligations to ensure that your personal data are processed by the data processor solely to provide services to us and that this is done subject to the same level of protection as awarded to you by GreenFlux.

8. HOW ARE YOUR PERSONAL DATA SECURED?

GreenFlux has taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.

9. HOW LONG ARE YOUR PERSONAL DATA RETAINED?

GreenFlux ensures that it retains personal data only if it is necessary for specific purposes. Your personal data will be deleted or made anonymous when your personal data is no longer necessary for the purposes for which these personal data were collected.

10. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?

You have the right to request access of an overview or copy of your personal data, and under certain conditions, rectification and/or erasure of personal data. In addition, you may also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability.

To invoke your right of access, rectification, and/or erasure of personal data, your right of restriction of processing, and/or your right to object to processing as well as to invoke your right to data portability, please contact us by using the contact details at the bottom of this Privacy Statement. Please keep in mind that we may ask for additional information to verify your identity.

If you have given your consent to a certain purpose, you can withdraw your consent at any time. Please keep in mind that withdrawal does not have retroactive effect. You can contact us by using the contact details at the bottom of this Privacy Statement.

11. CAN YOU LODGE A COMPLAINT?

You can lodge a complaint with your local data protection supervisory authority when you have a complaint about the use of your personal data by GreenFlux. For example, if you believe that we do not process your personal data carefully, or because you have sent us a request to access or rectification of your personal data and you are not satisfied with our reply or we did not reply in a timely manner.

The contact details of the Dutch data protection supervisory authority are:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV The Hague
Netherlands

Link to their website

12. HOW CAN YOU CONTACT US?

If you have any questions about the way we process your personal data, please read this Privacy Statement first. For additional questions or complaints, please contact:

GreenFlux Assets B.V.
Postbus 95001
1090 HA Amsterdam
Netherlands
info@greenflux.com
+31 (0) 88 60 50 700