Privacy policy
Introduction
This Privacy Notice applies to the processing activities of Road B.V., a private company with limited liability organized and existing under the laws of the Netherlands, having its registered address at Joan Muyskenweg 37 (1114 AN, Amsterdam), and registered at the Chamber of Commerce under registration number 70011346. Both Road and E-Flux by Road are sub-brands of Road B.V. This Privacy Notice applies to all processing activities by Road B.V.
Road B.V. (hereinafter: “we”, “us”, “our”) understands that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations.
In the context of our activities and services of:
- delivering charging cards and related services directly to you; and
- providing a platform for companies to manage electronic charging stations and charging cards,
we collect, hold, use and/or otherwise process personal data about you. Based on applicable data protection and privacy law (such as the laws and regulations set out in paragraph 3 below), we qualify as ‘the controller’ with respect to the personal data that we process in that context. This Privacy Notice does not cover our activities with respect to our employees.
Attention: By using our services and/or our website and by sharing your personal data with us, you acknowledge that your personal data will be processed in the manner as described in this Privacy Notice.
Note: This does not constitute your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.
1. What does this Privacy Notice cover and whose personal data do we process?
This Privacy Notice is intended to ensure compliance with European and Dutch privacy legislation and regulations, including but not limited to, the General Data Protection Regulation (GDPR), and national implementation laws with respect to the GDPR, such as the Dutch Implementation Regulation (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG).
This external Privacy Notice is relevant for anyone whose personal data we may process in the context of our (business) activities, including but not limited to (direct) users of charging stations managed by our software services and/or charging cards, employees or representatives of our (potential) business partners (e.g. customers of our software services), visitors of our website, job applicants (see paragraph 9 for more information), employees or representatives of our current and former professional advisers, consultants and service providers.
This Privacy Notice explains on what legal basis we may process your personal data and:
- what personal data we collect;
- for what purposes and how we may use/process such personal data;
- how we collect the personal data;
- how we store the personal data;
- for what period we store the personal data; and
- what your rights are under the applicable data protection and privacy legislation.
In view hereof, we encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website https://www.e-flux.io/pdf/E-Flux-by-Road_Privacy-Policy_EN.pdf. You may also ask us to send you a copy of the most recent version of this Privacy Notice.
In the event that the Privacy Notice will materially and/or substantially change, we will actively inform you of this change and provide you with the new version of the Privacy Notice.
Note: Where you provide personal data to us, which personal data relate to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with his/her personal data.
2. What personal data do we collect and how do we collect this personal data?
If we collect your personal data, we may collect information about you in various ways:
- Directly from you, for example when you engage in business with us and provide us with your personal information by contacting us or when a contact person provides his/her personal data by email, through our social media channels, through our chatbot on the website, by phone, through a messaging service like WhatsApp, on paper or by means of a business card;
- Directly from you when you use charging stations managed by our software solutions and/or when you use the charging cards service directly from us (and not, for example, through your employer or another party);
- Directly from you when you visit our website https://www.e-flux.io, which may include information you provide to us when creating an account with us or by means of contact forms on that website;
- Directly from you, for example when you apply for a job with us (please see paragraph 9 for more information);
- From third parties, for example where we obtain your contact details from companies we work with (in the course of our business activities), external advisers, headhunters, recruitment agencies, via colleagues, via our partner network such as installers, EV specialists, wholesalers, manufacturers or via our customers using our API based or white-label solution; and
- Otherwise, for example, by consulting public sources/public records (e.g. your website, the trade register, branch associations or media), by own research and by contacting companies.
3. Legal grounds
The legal grounds used for our processing activities are:
- The processing is necessary for the performance and execution of a contract with you;
- The processing is necessary for compliance with legal obligations (including our obligations under applicable tax laws, our legal administration obligations, to cooperate with supervisory authorities);
- The processing is necessary for our legitimate (business) interests.
If applicable laws require so, we will process your personal data upon your (explicit) consent. If any kind of processing is based on your consent, we hereby inform you that you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
4. What personal data do we collect and for what purposes do we use your personal data?
- Personal details: first and last name, date of birth, gender.
- Contact details: address, email addresses, phone number.
- Business details: business/company information (including contact details of for example the representative), position/job title, signatures, excerpts of registers (public or not, e.g. from the Chamber of Commerce).
- Account details: username and password.
- Financial details: payment information and bank account details.
- Service related details: brand of electric vehicle, charging station or charging card data. Also the license plate can be stored by our customer in their account.
- Technical data: IP address, browser type and version, time zone setting and location, and other technology on the devices you use to access the website.
- Usage data: data about activity on our website, data about activity on a website other than ours (in case we are a part of an advertising network).
See the full list of personal data we collect here
Note: For the processing of personal data of job applicants please refer to paragraph 9.
• Personal details
• Contact details
• Business details
• Personal details
• Contact details
• Business details
• Personal details
• Contact details
• Financial details
• Service related details
• Personal details
• Business details
• Contact details
• Other (personal) information you provide if you send us an email or fill out the contact form on our website.
• Financial details
• Personal details
• Contact details
• Business details
• Financial details
• Contact details
• Business details
• Personal details
• Contact details
• Business details
• Other (personal) information you provide if you send us an email or fill out the contact form on our website
• Personal details
• Contact details
• Business details
• Service related details
• Usage data
• Personal details
• Contact details
• Business details
• Account details
• Personal details
• Contact details
• Business details
• Business details
• Technical data
• Usage data
• Personal details
• Contact details
• Business details
• Personal details
• Contact details
• Business details
• Service related data
We also use your data for market and customer satisfaction surveys. Of course, we use this information anonymously for statistical purposes and only for us. Survey answers will not be shared with third parties or otherwise published.
Furthermore, we only send out messages (e.g. mailing lists, newsletters) to customers who have indicated that they wish to receive such messages. We note that it is always possible to unsubscribe from receiving these messages.
5. How long will we keep your personal data?
We will not store or keep your personal data for a longer period than is necessary in light of the purposes for which we process them. Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will store the personal data for longer periods.
More specifically, the following storage periods apply:
6. How do we protect your personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Further, we seek to ensure that we keep your personal data accurate and up to date. However, you are responsible for this and we kindly request that you inform us of any changes to your personal data (such as a change in your contact details).
7. Do we transfer and/or share your personal data?
In the context of the purposes as listed above, we may share your personal data with third parties in the following situations:
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of insurers or a government authority such as data protection authorities.
- We may engage third parties to process the personal data on our behalf (for example providers of certain IT applications, software developers, cloud providers, data brokers, direct marketing professionals, HR and/or payroll providers that we use in the context of our activities). We will enter into the required contractual arrangements with those parties to ensure lawful and fair processing of your personal data on our behalf.
- We may share certain personal data with your employer or business contacts, with individuals or organizations who have a direct (contractual) relationship with us, other relevant private organizations (such as recruitment and assessment agencies and head-hunters).
- We may also transfer personal data in the event of the sale or transfer of all or any part of our business with external advisors, auditors, (potential buyers), government authorities, if this is required in the context of that transaction.
- Upon your explicit consent, we may share your contact details (email, name and phone number) with an installer-partner that takes part in our Preferred Partner Programme in order to put you in contact with them. You can withdraw your consent at any time.
Where relevant, we will implement safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Some of the parties with whom we may share your personal data may be located in countries outside the European Union, which may offer a lower level of data protection than the European Union. This is for example the case in the following situation: we are using Google Cloud services which are located in the United States. In such a case, we shall ensure that the international transfer of your personal data shall comply with the applicable data protection laws. For the aforementioned transfers, we have taken the following measures:
- United States: For the transfers we use the EU Standard Contractual Clauses, accompanied with an analysis on the level of protection in the country of destination (as a result of the “Schrems II” judgment of the Court of Justice of the EU dated 16 July 2020.
You may always request a copy of the safeguards that apply to the transfers of your personal data by using our contact details below.
8. Road as a processor
In respect of certain processing activities, we act as a processor (i.e. when providing other parties with its software services). In those cases, our client is the controller and we process the personal data on their behalf. In this context, we always ensure that the necessary measures are taken with regard to the protection of personal data that we process for our clients in the course of our services, for example by concluding data processing agreements with IT application providers, software developers and cloud services that we use.
9. Job applicants
As you proceed with the application process for a position with us, we will gather and process certain personal data concerning you. This paragraph explains how we collect and use your personal data as part of your application procedure and for what purposes we process your personal data. Please note that this information only relates to your application process. Once we have accepted your application, you will receive our internal employee privacy statement.
In the context of the application procedure, we may collect and process the following personal data relating to you:
- Identification and contact details (e.g. name, date of birth, gender, place of birth, nationality, address, telephone number and email address);
- Resume and (additional) education and/or employment history;
- Professional certificates;
- Appraisals;
- References;
- Information on your legal and disciplinary history;
- Copy of an identification document (including a driver’s license, if an to the extent relevant for the position);
- Social security number (Burgerservicenummer);
- All other data relating to your work experience (if and insofar as relevant to the performance of work);
- All other data you include in your letter and/or resume;
- Government issued information, such as a copy of a residence permit or work permit (if applicable);
- Results of assessments;
- Information from your professional social media account(s);
- Your response to interview questions; and
- In the event that we decide to offer you a position, we may request a certificate of good conduct (Verklaring omtrent gedrag) to ensure suitability, integrity and reliability for the job).
We will only use your personal data as described above for the following purposes:
- To determine whether you are suitable for, and meet, the relevant requirements for the position for which you are applying;
- For our records;
- To contact you / to communicate with you;
- To enter into a contract with you; and
- To prevent reassessment of applicants.
We will collect, process and disclose your personal data where we consider it necessary to perform pre-contractual steps for purposes related to your job application or in order to pursue our legitimate interest. We may sometimes ask for your explicit consent for a certain processing activity. If we process personal data based on your consent, please note that you may revoke your consent at any time by contacting us via the contact details in paragraph 14.
Your personal data may be obtained directly from you, from publicly available sources or, where appropriate with your consent from the following third parties:
- Recruitment agencies or headhunters;
- Your referees and/or (other) past employers;
- Teachers/providers of your education and/or training about your educational program and its completion;
- Assessment agencies.
We may share your personal information with third parties, such as service providers we contract and our professional advisors to draft your employment agreement, but only for the purposes as set out above. We ensure that, if applicable, appropriate measures are taken when we disclose your personal data to third parties. Please refer to paragraph 8.
If you have taken on a role within our organization, we will incorporate your application data into your employee file and refer in this respect to our internal privacy notice.
If an offer for a position with us has not been extended to you or if you have not agreed to join, we will delete your personal information as promptly as reasonably feasible following the conclusion of the job application process. Generally, this will be a maximum period of four (4) weeks from the date the job application procedure has ended.
Your personal data will only be retained for a longer period if it is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute) or where necessary to comply with our legal obligations. If you want us to store your personal information for a longer period so that we can contact you in the event of another vacancy that suits your profile, please indicate your consent to us for retaining your personal data for a six (6) month period. You may withdraw your consent at any time after which we will delete your personal data as soon as is reasonably possible.
For your other rights regarding your personal data we kindly refer to paragraphs 10 and 11.
10. Can I access my personal data?
If you want to know what personal data we have of you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a ‘data subject access request’.
All such requests should be made in writing and sent to the email or postal addresses shown in paragraph 14 below. In principle, there is no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress.
11. What are your other rights?
Under certain circumstances you have the right to:
- Receive additional information regarding the processing of your personal data;
- Rectify your personal data;
- The erasure of your personal data;
- Object to (part of) the processing of your personal data;
- The restriction of (part of) the processing of your personal data; and
- Data portability (receive your personal data in a structured, commonly used and machine-readable format and to (have) transmit(ted) your personal data to another organization).
Finally, you have the right to lodge a complaint to the local data protection authority. With respect to the Netherlands, the Autoriteit Persoonsgegevens, address: Bezuidenhoutseweg 30, postal code 2594 AV, The Hague (or: Postbus 93374, 2509 AJ, The Hague), telephone no.: 070-8888 500, or via its complaint page on its website.
12. Automated decision making and profiling
We do not undertake any automated decision making or profiling.
13. Cookies
This website uses "cookies", which are text files placed on your computer, to help the website analyze how users use the website. We use this information to keep track of how you use the website, to compile reports on website activity and to offer other services relating to website activity and internet use.
There are different types of cookies. For example:
Necessary cookies
These are cookies that are needed to make the site work quickly
and easily for a visitor. We use necessary cookies to be able to deliver the website to you. These cookies do not collect personal information about individual visitors.
Functional cookies
We use functional cookies to enable the correct functioning of the website, enable you to visit different pages and to ensure that the website is properly delivered to you. These cookies also provide insight into the use of the website. Such as, which pages are visited? When do visitors visit the website? These cookies only provide general information and no information about individual visitors.
Analytical cookies
Analytical cookies are meant to monitor the surfing behavior of visitors, on an individual level. We use these cookies for marketing purposes.
The cookies used by us:
-id
-e
-flux_id
-sess ion
-e
-flux_id
-mail address, address
-in ping, extending it to 1 week from that moment. The user can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn’t intentionally terminated with ‘Intercom(‘shutdown’); which usually happens on logout.
Google Analytics
This website makes use of Google Analytics, a web analysis service that is provided by Google Inc. Google Analytics uses 'cookies' to help analyze in what way users are using the website.
The information about your use of the website generated by the cookie (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google uses this information to track how you use the website, to set up reports about the website activities for website operators and to offer other services relating to website activity and internet usage. Google may transfer this information to third parties if required to do so by law, or when third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. For more information, please read Google's privacy policy, as well as the specific privacy policy of Google Analytics.
If you want to prevent Google Analytics cookies from being placed on your computer when you visit our website, you can download and install the Google Analytics Opt-out Browser Add-on. Here you can find more information about opting out and how to correctly install the browser add-on.
Third party websites
Our website may refer to third party websites that may also use cookies. We have no control over the cookies used by these websites. Please see the privacy statement of that respective website if you require further information.
Deleting cookies
Cookies are stored on your computer and can be deleted at any time. Click on one of the links below to find out how to do this.
It is important to know that the use of cookies on our website is safe. Cookies do not result in spam or unwanted e-mails or phone calls. Our cookies are not used to build a personal profile.
14. Contact details
To contact us about anything related to your personal data and/or data protection, including exercising your data subject rights as discussed above in paragraphs 10 and 11, in particular your right to object, please use the contact details below:
For the attention of: Privacy Officer
Email address: legal@road.io
Telephone number: +31 (0)85 018 5243
Postal Address: Joan Muyskenweg 37, 1114 AN, Amsterdam