Privacy policy

1 INTRODUCTION

Easee AS (organisation no. 920 292 046) (“Easee”) collects personal data in connection with product sales and provision of charging services, creation of user profiles in the Easee app/cloud solution/Easee portal, provision of Easee Pay, provision of customer support and newsletters, and in connection with recruitment processes. Easee is the data controller for the processing of your personal data, which means that Easee determines the purpose and means for the processing of personal data.

This privacy policy provides information about the personal data Easee collects, processes and discloses, the purposes for which personal data is processed and your rights in this connection. Easee will process your personal data in accordance with the at all times applicable data protection laws.

Easee is committed to maintaining your privacy. If you have any questions related to this privacy policy or Easee’s processing of your personal data, you may contact us by using the contact information stipulated below.

Address: Easee AS, Grenseveien 19, 4313 Sandnes
Email: gdpr@easee.no

2 PERSONAL DATA PROCESSED, PURPOSE AND LEGAL BASIS

Easee processes personal data about private customers, contact persons with our business customers, suppliers and other collaborating partners, subscribers to our newsletters, users of Easee’s website who have accepted cookies, application and cloud solution and others who contact Easee, e.g., by using the contact form on Easee’s website. If you apply for a vacant position in Easee, we will process your personal data as part of considering your job application.

Easee collects your personal data in various ways, such as from the information you submit in connection with a purchase of our products or when you register a user profile, from our website, from your use of the Easee app, Easee Pay or Easee portal, from correspondence with you via telephone/email/the contact form on our website and in connection with our collaboration with suppliers, business customers or other partners, where we receive your personal data directly from you or from your employer or client. If you apply for a vacant position at Easee, we may collect personal data from the information and references provided by you in your application.

Please note that you are not obliged to provide personal data to Easee. However, without submitting your personal data, you will not be able to access and utilise Easee’s app or Easee Pay and cloud solution, and Easee will be unable to provide you with customer support or respond to your inquiries.

Easee processes personal data for the following purposes and legal basis:

• Web shop sales, where name, contact information, credit card and payment information etc. are processed. The legal basis for such processing is Art. 6 (1) lit. b GDPR, since the processing is necessary for the performance of a purchase agreement entered into with you when you made a purchase from us, including to deliver your product and invoice the agreed purchase price.
  
• Offering and administration of Easee’s app and cloud solution in your Easee cloud account, where name, phone number and email address of private owners and administrators of a charging station or other products and users with access to a product are processed. Further, the address of and technical information about a site, the products installed on the site, consumption or usage history, customers’ purchase history, serial number, customer number, name and ID of key chips, the approximate location of the product and diagnostics data are processed. If a product is connected to a WiFi network, the network’s SSID and password are processed.
  
  The purpose of the processing is to allow users to gain access to products and installations requiring internal authentication, to administrate installations and charging stations and other products, to enable users to see the product history for an installation, to enable users to see their own charge history, to be able to look up and manage user’s access to a site or product and to enable users to log into the Easee app. The app uses the same login and database as Easee’s cloud solution, and your contact information is connected to the sites and products you have access to.
  
  The personal data we require when you register a user profile is necessary to confirm your identity and prevent your user profile from being misused or duplicated.
  
  The legal basis for the processing is Art. 6 (1) lit. b GDPR, since the processing is necessary to fulfil an agreement with you relating to the use of Easee’s interfaces and cloud solution or an agreement entered into with you when you purchased our product, as well as Art. 6 (1) lit. f GDPR based on our legitimate interest in IT and data security and providing good customer service, e.g., by offering you the opportunity to update your personal data in the Easee app.
  
  – Use of Easee Pay, where we process your name, phone number, email address, credit card and payment information, charging history (including the amount of KWh charged), RFID keys, etc to enable you pay for EV charging sessions. We use Adyen as a third-party payment processing and acquiring company to collect and process payment information.
  
  – If you submit payment information, we will share with Adyen information such as your encrypted debit/credit card details, bank account details (if submitted), payment details, billing address, device fingerprint, IP address, currency etc. For some of the information’s, Adyen acts as a data processor under the relevant data protection laws and processes your information on our behalf. In addition, Adyen may process your personal data as a data controller to provide acquiring services, comply with legal obligations or perform “Know your customer” checks. Further information on Adyen data protection practice is found here.
  
  – The legal basis for the processing is Art 6(1) b of the GDPR, since the processing is necessary to fulfill an agreement with you relating to the use of Easee Pay for EV Charging payments.

• Customer support, where personal data such as product number, customer name, address, location and other personal data included in support requests are processed. By interconnecting various non-sensitive personal data such as the abovementioned, Easee will be able to provide customised customer support. The legal basis is Art. 6 (1) lit. b GDPR, where the processing is necessary for performance of a contract with you. This processing of your data otherwise occurs on the basis of Art. 6 (1) lit. f GDPR, based on our legitimate interest in providing you the best possible customer support.

• Respond to other inquiries we receive, where we process name, email address and/or phone number and any personal data included in the inquiry or a complaint. The legal basis of the processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest to answer and handle inquiries or complaints.
  
• Administration of our relations to business customers, suppliers and other partners, where name and contact information for contact persons (e.g., employees) with our business customers, suppliers and other partners are processed, in addition to personal data contained in contracts, ongoing commercial correspondence, invoices, minutes of meeting etc. The legal basis of the processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest to administer our relations to business customers, suppliers and other partners, including to communicate with our contact persons.
  
• Provision of newsletters, where name and email address are processed for the purpose of sending you our newsletters, provided that you have consented to receive newsletters. If you have given consent to the processing of your data as described above for the provision of newsletters, the legal basis is Art. 6 (1) a GDPR (Consent). You may withdraw your consent at any time through the Easee cloud or by contacting us using the contact details provided in this policy.
  
• Improvement of Easee’s services, where personal data contained in technical analyses, logs and information on the use of the Easee app or Easee portal are processed for the purpose of generating statistics and analyses in order to improve our services and enhance the user experience, as well as ensuring the stability in our services. Personal or technical data from your devices used for such purposes are aggregated and anonymized, such that you may not be identified as an individual person based on the statistics or analyses generated as a basis for the improvement of our services.
  
  Please note that some of our products are equipped with position sensors enabling us to identify where the product is installed. Even though you have not provided us with your address in the user profile, we will be able to identify the products’ position through their cellular connection. This information is for safety reasons and will never be used for other purposes than to carry out troubleshooting and to improve our products.
  
  The legal basis for the abovementioned processing is Art. 6 (1) lit. f GDPR, where our legitimate interest is to optimize and ensure the stability of our services.
  
  If you are located in Germany and have given consent to the processing of data from position sensors as described above, the legal basis is Art. 6 (1) a GDPR (Consent).

• To improve our website, and to enhance the user experience, Easee uses cookies and other information gathering methods. You can find more information regarding cookies under the browser’s help function.
  
• Recruitment for vacant positions, where we process CV, school reports, your application, certificates, references (which you provide) and other information you may provide. The consequence of not providing such information is that we may not consider your application or offer you a position in Easee. The personal data are collected from the applicant or from the references provided. The legal basis for such processing is Art. 6 (1) lit. b GDPR, since the processing is necessary to enter into a contract with you based on your request. By applying for a position in our company and sending us documentation, we consider you to request our assessment of the provided documentation, to carry out interviews and call your references with a view to enter into an employment agreement. If you have given your consent to store your applicant data after a recruitment process for longer than a year for potential future vacancies, the legal basis is Art. 6 (1) a GDPR (Consent). You may withdraw your consent at any time by contacting us using the contact details provided in this policy.
  
• Compliance with statutory requirements and legal obligations, such as compliance with statutory obligations under the applicable accounting legislation and orders from public authorities. In this case, the legal basis of the processing is Art. 6 (1) lit. c GDPR.
  
• Ensuring the rights of Easee or third parties, to establish, exercise or defend legal claims we believe to have, or that are directed towards us by customers, suppliers, partners, other third parties or public authorities. The legal basis of the processing is Art. 6 (1) lit. f GDPR based on our legitimate interest to establish, exercise or defend legal claims for the enforcement of our rights or the rights of third parties.

3 RETENTION PERIOD

Easee will store your personal data as long as it is necessary to fulfil the purposes for processing as defined above and will as a main rule delete personal data within three years after termination of the contract for use of Easee’s app and/or cloud solution or upon the individual user’s request.

Emails from customers that are sent to our support email address will be stored up to three years from the date the matter was resolved.

If the legal basis for the processing of personal data is consent, Easee will cease the processing of personal data if the consent is withdrawn. You may withdraw your consent at any time.

As regards personal data about job applicants, the personal data will be stored during the recruitment process. If the applicant is not employed in Easee, the personal data will be deleted within six months from the position was filled, unless the job applicant has consented to a further storage period.

However, please note that continued storage of personal data may be necessary due to statutory obligations to which Easee is subject, e.g., storage for accounting purposes, or due to Easee’s legitimate interests, e.g., for the purpose to establish, exercise or defend a legal claim.

Anonymised information, i.e., information that cannot be linked to a natural person, may also be subject to continued storage.

4 DISCLOSURE OF PERSONAL DATA

Easee will only disclose personal data to third parties to the extent Easee has legal basis for such disclosure.

Easee uses data processors to collect, store or otherwise process personal data on our behalf, including in relation to our hosting services etc. The relationship to such suppliers is governed by a data processor agreement, which among other things ensures confidentiality and information security for your personal data.

Your personal data may be subject to processing or storage outside the EU/EEA. In such cases, Easee will ensure that the personal data is subject to appropriate safeguards, by means of entering into the EU Standard Contractual Clauses for such transfers or transfers to countries approved by the EU Commission. Please contact us if you require further information.

Easee may disclose personal data to public authorities to comply with statutory requirements or orders from public authorities, e.g., to comply with obligations under the applicable accounting or tax legislation. The relevant public authorities will be data controller for the personal data disclosed in such instances. 

5 SECURITY

Easee values your privacy rights and has taken reasonable steps to protect the users’ privacy, including by implementation of physical, technical and organisational measures, to prevent loss, alterations, theft and unauthorized access to information stored and otherwise processed.

6 OWNERS AND ADMINISTRATORS OF PROFESSIONAL CHARGING SITES

Please note that when you use a professional charging site, your historic log and user data relating to the charging session will be processed by the owner or administrator of that charging site. The user data contains personal data such as name, Easee key alias, email address and phone number.

Such data are usually processed for invoicing and for statistical and technical purposes, including ensuring charging stability and similar. The relevant professional charging facilities are the data controller for their processing of such personal data. Please contact the charging facilities for further information on their processing of your personal data.

7 LINKS TO THIRD PARTY WEBSITES, SERVICES AND SOCIAL MEDIA PLATFORMS

Easee’s website and app may contain links to other website or external services. These websites and services have their own privacy policies that describe how personal data is collected and processed. If you submit your personal data to such third-party websites, the processing of personal data is subject to the relevant website’s privacy policy. Easee is not responsible for such third-party websites or their processing of personal data. We recommend that you read the privacy policy and any terms of use on such websites when you visit and use the website. An example of such a service may be Upvoty, which is used to gather feedback and ideas for our products and services.

If you “like”, join or become a member of Easee’s Facebook page or Easee’s profiles on other social media platforms, this information will be shared with the relevant platform. The same applies to content you post and posts you like on such social media platforms. Easee and the relevant platform are responsible for the personal data it collects and processes from such social media platforms. Easee accesses data posted on Easee’s profiles on social media platforms for the purpose of understanding feedback and reactions to Easee’s products and services, but does never download, store or compile such data. Easee uses Facebook Pixel and Google Analytics for marketing purposes. Further information about how the social media platforms process personal data can be found in the relevant platform’s privacy policy.

8 YOUR RIGHTS

As a data subject, you are entitled to obtain access to the personal data we process about you, request that Easee updates or corrects your personal data and/or withdraw any consent to processing. In some circumstances, you are also entitled to request that your personal data is erased, request restriction of processing or object to processing and/or request data portability. In order to utilise your rights, you may contact Easee by using the contact information stipulated in section 1 above or through this form.

You are also entitled to lodge a complaint with a supervisory authority if you believe that Easee’s processing of your personal data is contrary to relevant data protection laws. In Norway, the supervisory authority is Datatilsynet.

9 AUTOMATED DECISION MAKING

We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).

10 CHANGES TO THE PRIVACY POLICY

Easee’s privacy policy is available at the bottom of Easee’s website or when signing up to Easee cloud, If Easee makes changes in the processing of personal data, this policy will be updated, and the change will be notified on the website or by using your contact information.

In case of changes in the processing of personal data that require your consent, we will collect your consent prior to initiating such processing.

11 GOOGLE TAG MANAGER

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools. As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

12 GOOGLE ANALYTICS

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

13 GOOGLE ADS REMARKETING

Our website uses Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Provided you have given us your consent, this tool enables the advertising target groups created with Google Ads Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. The legal basis is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. This means, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account.

To support this feature, Google Analytics collects authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account; follow this link: https://adssettings.google.com/   

As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.

14 HOW GOOGLE USES DATA FROM THE WEBSITE

Many websites and apps use Google services to improve their content. When we integrate services from Google, the site shares information with Google.

You can read more about this here: https://policies.google.com/technologies/partner-sites

15 FACEBOOK CUSTOM AUDIENCES

We use “Facebook Custom Audiences” on our website, a remarketing tool from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland (hereinafter referred to as “Facebook”).
Facebook Custom Audiences enables us to display interest-based advertisements, so-called “Facebook Ads”, to visitors to our website when they visit the social network Facebook or when they visit other websites that also use Facebook Custom Audiences. A pixel (Facebook pixel) from the provider of the same name, Facebook (see above), is used for this purpose.

Facebook Pixel enables Facebook to display our advertisements on Facebook, so-called “Facebook Ads”, only to those Facebook users who have been visitors to our website, in particular who have shown interest in our online offer. In this case, Facebook pixel also enables a check to be made as to whether a user has been redirected to our website after clicking on our Facebook ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your device. If you are logged into your Facebook user account, your visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook to your user account there. If you have a Facebook user account and are registered, Facebook can assign the visit to your user account.

By using “Facebook Custom Audiences” in connection with Facebook Pixel, your web browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data that is collected by Facebook through the use of Facebook Custom Audiences. As far as we know, Facebook receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you have a Facebook user account and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook will find out and save your IP address and possibly other identification features.
We use Facebook Custom Audiences for marketing and optimization purposes, in particular to place relevant and interesting ads for you and thus improve our offer and make it more interesting for you as a user. The legal basis for Facebook Custom Audiences and the Facebook Pixel is Article 6 Paragraph 1 Sentence 1 Letter a GDPR (consent).

We have concluded an order processing contract with our service provider Facebook, in which we oblige them to protect our customers’ data and not to pass them on to third parties.

Since personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Paragraph 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even through this contractual extension, we will endeavor to find additional regulations and commitments from the recipient in the USA.

Further information from Facebook on data protection can be found on the following Facebook website:
https://www.facebook.com/about/privacy

Information on Facebook pixels can be found on the following Facebook website:
https://www.facebook.com/business/help/651294705016616

The deactivation of Facebook Custom Audiences via Pixel is possible for logged-in users at
https://www.facebook.com/settings/?tab=ads#_.

In addition, you can deactivate cookies, which are used for range measurement and advertising purposes, via the following websites:
http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/

We would like to point out that this setting will also be deleted if you delete your cookies.

***

Last updated: 02.12.2022