• Magyar

Privacy Statement

Smart Charging Ltd.

Last updated: November 4, 2019


I. Introduction

The Smart Charging Ltd. (3200 Gyöngyös, Rigó utca 7., hereinafter Data Controller) as data controller considers this notice as a legally binding document and taking commitment to fulfill all of the relevant legal requirements regarding data protection laws. The privacy statement of the Smart Charging Ltd. and the Smart Charging application is available at www.smartcharging.hu/adatvedelem

The Smart Charging Ltd. reserves the right to change its Privacy Statement of which every mobile application user and webpage visitor will be informed.

In case of further questions contact us via info@smartcharging.hu

It is important for us to protect the personal data of our users and partners, hence their personal data are taking care of and kept confidential. The Data Controler does every safety, technical and structural measures in order to guarantee the safety of any data in its possession.

II. Legal framework of the data processing

This Privacy Statement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Smart Charging´s products and services offered in the European Union are GDPR ready and this Privacy Statement provides you with the necessary documentation of the readiness.

The services of the Smart Charging Ltd are based on voluntary provided information. However, there may be situations where your providing of your personal information is necessary in order to grant a service or is required by law. Please note that in certain cases, we may be unable to grant you our services unless you provide the necessary information. Smart Charging Ltd will let the user know when the providing of his/her personal information is necessary.

Smart Charging Ltd as the data controller and its data management activity conforms to the operative data protection laws, especially to the following:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)

Important: In case the user does not provide his/her own personal data, it his/her duty to provide the consent of the person of subject.

III. Definitions

Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.

Controller means an entity that determines the purposes and means of the processing of Personal Data.

Customer Data means any data that DigitalOcean and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.

EU Data Protection Law means (I) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (II) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.

Processor means an entity that processes Personal Data on behalf of the Controller.

Processing has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

Services means any product or service provided by Smart Charging to Customer pursuant to and as more particularly described in the Agreement.

IV. Data management of the Smart Charging application

The Smart Charging Ltd is developing an application called Smart Charging that contains a database of the available EV charging points that located in Hungary and provides effective route planning services. The Smart Charging application is available at Google Play Store and Apple Store. Their Terms and Conditions can be found in the following links

Google Play Store: https://play.google.com/intl/en_en/about/play-terms.html

Apple Store: https://www.apple.com/legal/internet-services/itunes/

The downloaded Smart Charging application is developed and operated by Smart Charging Ltd.

During the use of the application, the user’s smartphone will ask for permission to use its location services, thus gain access to the location of the user. During user activity location data is sent to the Smart Charging Server, but only the last location is stored on it.

Data stored exclusively on the mobile device by the application: every route planning related search, that helps the usage of the app, location and time date data, other customized settings (e.g. ChargePoint power, ChargePoint types, which country’s ChargePoint to show). The charge point database is saved locally, hence there is no need for continuous internet usage.

Amend and delete data:

The erase of the app inherently deletes all data stored on the device. The Smart Charging App does not track and store data besides that.

1. Data Controller

Controller’s Name: Smart Charging Kft.

Address: 3200 Gyöngyös, Rigó utca 7.

Postal Address: 1116 Budapest, Kohó utca 3.

Email Address: info@smartcharging.hu

Webpage: https://smartcharging.hu/

Phone Number: +36 1 720 4820

2. Data Processors

Processor’s Name: Smart Charging Kft.

Address: 3200 Gyöngyös, Rigó utca 7.

Postal Address: 1116 Budapest, Kohó utca 3.

Email Address: info@smartcharging.hu

Webpage: https://smartcharging.hu/

Processor’s Role: saving, developing and updating tasks on the web page

Processor’s Name: BlazeArts Kft.

Address: 6090 Kunszentmiklós, Damjanich u. 36. 1/8.

Phone Number: +36 76 550 175

Webpage: https://www.arubacloud.hu/

Processor’s Role: saving, developing and updating tasks on the web page

The location data of the mobile device, the Google Maps or the Apple iOS Maps services are used for the visualisation of the charge points in the app and also for the route planning feature, although they do not store this data.

The google.com/maps and Apple’s data controlling activities are available in detail at:

https://policies.google.com/

https://www.apple.com/legal/privacy/

V. Contact

1. Contact with clients

In case you would like to contact us please email us to info@smartcharging.hu or fill in the form that can be found on the Contact page or at https://smartcharging.hu/#kapcsolat

Every incoming email with all the contained data and information is stored for maximum 5 years by Smart Charging Ltd.

Processed Data: name and email address of the sender, date, and location and other provided personal data in the email

The aim of Data processing: contact with clients

Legal aspect: the sender’s personal consent

Length of Data processing: maximum 5 (five) years

The consequence of the failure of Data service: the sender and the receiver Smart Charging Ltd. will not be able to contact

2. Error reporting

If you acknowledge error during use of the app, please report to us at info@smartcharging.hu

Processor’s Name: Smart Charging Kft.

Address: 3200 Gyöngyös, Rigó utca 7.

Postal Address: 1116 Budapest, Kohó utca 3.

Email Address: info@smartcharging.hu

Webpage: https://smartcharging.hu/

Processor’s Role: processing of the error reporter’s personal data

Processor’s Name: Tárhely.Eu Szolgáltató Kft.

Address: 1144 Budapest, Ormánság utca 4. X. em. 241.

Email Address: support@tarhely.eu

Webpage: https://tarhely.eu/

Processor’s Role: webhosting provider

Processed Data: name and email address of the sender, date, and location and other provided personal data in the email

The aim of Data processing: client contact in regards to error reporting handling

Legal aspect: fulfillment of the GDPR

Length of Data processing: 1 year + 30 days from the date of the error report

Consequence of the failure of Data service: the error will not be acknowledged

VI. Personal data storage management and data safety

The Smart Charging Ltd. protects the company data by sufficient measures against unauthorized access, change, transmission, unintended disclosure, intended and unintended deletion or destroy, damage, actions making them inaccessible.

The Smart Charging Ltd. is running processes and technical measures which ensures that the stored data – exemption declared by the related laws – cannot be connected to persons/personal identification.

The Smart Charging Ltd. has an IT Security Strategy which ensures that the actual/newest IT security technology is taken into consideration for data protection, and organisational processes related to the data protection are defined in that way which minimise the data protection related risks

The Smart Charging Ltd. operates a data protection policy which:

  • protects information and grant access to data only for those persons who are authorized for that.
  • runs the information processing in that way, which ensured the integrity of the information
  • ensures the availability of the information for the authorised persons.

In order to ensure the availability, integrity and confidentiality of the information handled the information technology network and infrastructure of Smart Charging Ltd. are protected against  access to the network by unauthorized persons, compromising confidential information, concealing user identity, damage caused by a third party, destruction of records, disclosure of information, eavesdropping, failure of communication links, falsification of records, malfunction of equipment , theft, unintentional change of data in an information system, unauthorized access to the information system, unauthorized physical access, unauthorized use of software. The operator of the servers used by Smart Charging Ltd. implements server level and application level protection techniques.

The Smart Charging Ltd. as “Data Controller” administers and logs all the incident related the data protection, store all the details of the incidents including impact, risk, severity and applied measures.  The incidents related to data protection are reported to the “Nemzeti Adatvédelmi és Információszabadság Hatóság” (National Data-protection Authority) within 72 hours.

VII. Data subjects’ rights

1. The right to be informed

Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.

2. The right to rectification

The right to rectification: If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.

3. The right to erasure

The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.

4. The right to restrict processing

Individuals can request that organisations limit the way an organisation uses personal data. It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.

5. The right to object

Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.

6. The right to data probability

The right to data portability: Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.

7. The right to withdraw consent

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

8. Complains and remedies

In case you have any questions or problems related to the data processing of Smart Charging Kft., please do not hesitate to contact us via info@smartcharging.hu.

With regards to the provisions of GDPR, Smart Charging Kft. shall not be obliged to designate a data protection officer.

Every data subject should have the right to a judicial remedy related to data processing. In case of unlawful data processing, data subjects can apply to the court and commence a civil procedure against the data controller. Civil procedures fall within the jurisdiction of the Regional courts of Hungary.  In respect of civil procedures, Regional court of where the defendant is seated or the data subject is domiciled would have general jurisdiction. You can find the list of the Regional courts here: http://birosag.hu/torvenyszekek

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal Address: 1530 Budapest, Pf.: 5.

Email Address: ugyfelszolgalat@naih.hu

Webpage: http://www.naih.hu

Phone Number: +36 1 391 1400

Fax Number: +36 1 391 1410

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.

Data subjects shall have the right to be provided with judicial redress and to make complaints to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR. Find more information about NAIH here: https://naih.hu/general-information.html

Please read carefully the following information on data protection. If you have any questions or feedback in connection with the information on data protection, the data processing or the interpretation of legislation and regulations, please do not hesitate to contact us.