Privacy Policy
We provide the English version of our privacy policy as an information service. In case of doubt, the German language version shall always prevail.
Controller
vaylens GmbH
Business address:
Ezzestraße 8
44379 Dortmund
Germany
VAT ID: DE352928826
Management: Dr. Gregor Schmeken, Jörg Lohr, Peter Hamela
Responsible for content according to § 18 Abs. 2 MStV: Philipp Graf
Data Protection Officer
Dipl.-Inf. (FH) Karsten Schulz (GDDcert.EU)
M: +49 151 22631968
Website and hosting
Purposes of the processing
We log technical data in the web server logs every time our website is accessed in order to ensure operational security and to be able to investigate and rectify faults. The web server access logs record which pages have been accessed and when. They contain the following data: IP address, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.
Legal basis
Art. 6 para. 1 lit. f GDPR, our legitimate interest in being able to operate the website securely and to ensure a defined external presentation.
Legitimate interest
To ensure the operational security of our website and to defend ourselves against cyber attacks.
Recipients or categories of recipients
Our web services are hosted as part of order processing in accordance with Art. 28 GDPR.
Data transfer to third countries
No.
Storage duration
The IP addresses are stored for 6 months. Error logs that record incorrect page views are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.
For further investigations into unusual activities or attacks, the data remains stored until the investigation has been completed and any legal claims have been clarified.
Contact and communication with you
Purposes of the processing
If you contact us by email, contact form, telephone or post, we will process your data in order to fulfill your request and any resulting activities. These activities may include: The processing of inquiries, applications, service requests as well as maintaining contact, providing advice and advertising for our products and services, analyzing our processes and measures to improve process quality.
We process the information that you provide to us, such as names, contact details, e-mail addresses and telephone numbers and, of course, the content of your request.
Legal basis
The legal basis may be Art. 6 (1) (f) GDPR, our legitimate interest in communicating with you and processing your request, or Art. 6 (1b) GDPR in order to carry out necessary pre-contractual or contractual measures. If you have given us your consent, Art. 6 (1) (a) GDPR is the applicable legal basis.
Legitimate interest
Our legitimate interest in responding to inquiries, including informal inquiries, as well as in providing comprehensive advice on our products and services and referring to the same or similar products and services.
Recipients or categories of recipients
In addition, we use the services of service providers as part of order processing in accordance with Art. 28 GDPR, for example to secure e-mail traffic and to comply with quality features and to process your service requests. Some of the processing may take place in the USA. In order to guarantee the level of data protection at EU standard, the EU standard data protection clauses are usually agreed with the respective service providers and special technical and organizational protective measures are provided.
Data transfer to third countries
We may transfer your personal data to third countries outside the European Economic Area (EEA) in accordance with applicable data protection laws. When transferring personal data to countries that do not provide an adequate level of data protection as determined by the European Commission, we use Standard Contractual Clauses (SCCs) to ensure that appropriate safeguards are in place. For transfers to the United States, we may use service providers that are participants in the EU-U.S. Data Privacy Framework. This framework ensures that these service providers meet the necessary standards for data protection and have undertaken to comply with the data protection principles set out in this framework.
Retention periods
As a rule, a deletion process is initiated when the processing operation has been completed. In certain cases, the actual processing is followed by further processing, such as the required retention periods. For example, emails with tax-relevant content are stored in accordance with the statutory retention periods (e.g. 6 years for commercial letters in accordance with the German Commercial Code (HGB), 10 years for tax documents in accordance with the German Fiscal Code (AO)) and then deleted.
Your application
Purposes of the processing
If you apply to us, we will process your data to the extent necessary until the application process has been completed.
Legal basis
Art. 6 para. 1 lit. b GDPR in order to process your application, which constitutes an invitation to conclude an employment contract, as part of our application procedure.
Recipients or categories of recipients
We use the services of service providers as part of order processing in accordance with Art. 28 GDPR to carry out personnel administration.
Data transfer to third countries
No.
Storage periods
If you are hired, the necessary data from your application will be stored in your personnel file. Data that is not required will be deleted. In the event of rejection, your data will be deleted 2 months after completion of the application process.
Social media
Purposes of the processing
We also communicate with you via various social media channels. When using these platforms, the respective data protection declarations always apply.
In detail, these are (as of 2023-06-02):
- YouTube (privacy policy: policies.google.com/privacy)
- LinkedIn (privacy policy: www.linkedin.com/legal/privacy-policy)
- Instagram (privacy policy: help.instagram.com/519522125107875)
- Twitter (privacy policy: twitter.com/en/privacy)
- Facebook (privacy policy: www.facebook.com/policy.php)
- Xing and Kununu (privacy policy: privacy.xing.com/de/datenschutzerklaerung)
Legal basis
Art. 6 para. 1 lit. f our legitimate interest and Art. 6 para. 1 lit. a GDPR for the cases for which you have given us your consent.
Legitimate interest
Implementation of corporate communications and ensuring a defined external image.
Recipients or categories of recipients
The social media platforms listed above, some of which also process personal data in third countries such as the USA. All of these services share personal data, e.g. with contracted third-party providers for the provision of outsourced services, with authorities if you are legally obliged to do so or if there is a suspicion of a breach of the law, and with new business owners in the event of a company takeover or insolvency.
Retention periods
In accordance with the privacy policies of the social media platforms.
Newsletter
Purposes of the processing
We use a newsletter service for communication and external presentation.
Legal basis
Art. 6 para. 1 lit. a GDPR, your consent to the newsletter with double opt-in.
Recipients or categories of recipients
We use the services of Mailchimp from The Rocket Science Group, LLC as part of order processing in accordance with Art. 28 GDPR to send the newsletter. Part of the processing takes place in the USA. The EU standard data protection clauses have been agreed with the service provider in order to guarantee the level of data protection at EU standard DPA).
Data transfer to third countries
We use Standard Contractual Clauses (SCC) with Mailchimp to ensure that appropriate safeguards are in place.
Storage periods
After you have unsubscribed from the newsletter, your personal data will be deleted.
Direct mail to acquire new customers
Purposes of the processing
The personal data is processed for the purpose of acquiring new customers.
Legal basis
Art. 6 para. 1 lit. f GDPR, our legitimate interest in carrying out direct advertising. The source of the personal data is Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany.
Legitimate interest
Direct advertising
Recipients or categories of recipients
None
Data transfer to third countries
No
Retention periods
The personal data will be deleted immediately after the purpose has been fulfilled or after the mailing has been sent.
Credit check
Purposes of the processing
Checking the creditworthiness of customers
Legal basis
Art. 6 para. 1 lit. f GDPR, our legitimate interest.
Legitimate interest
The legitimate interest in protecting against payment defaults.
Recipients or categories of recipients
Service providers for creditworthiness information, for example Creditsafe Berlin, Deutsche Factoring Bank Bremen.
Storage duration
The information is stored for the duration of the business relationship.
Forms on the website
Purposes of the processing
We use Tally.so, an online form creation tool that allows us to collect data from users. It allows us to easily create customized forms for various purposes, e.g. for registration, surveys, feedback and the like.
Legal basis
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR, our legitimate interest in offering improved usability of our portal.
Legitimate interest
We use Tally.so tools to give users the opportunity to get in touch with us and to transmit information to us in a simple way, as they are ideal for mapping and supporting our business processes.
Recipients or categories of recipients
Tally.so, August van Lokerenstraat 71, 9050 Ghent, Belgium, is the company that processes the form data as a processor in accordance with Art. 28 GDPR.
Data transfer to third countries
No.
Retention periods
The personal data will be deleted immediately after the purpose has been fulfilled and then removed from the data backups after 90 days.
Community Charging
As part of our "Community Charging" feature, we process personal data of electric vehicle users (hereinafter referred to as "users"). This processing is carried out for the purpose of providing and billing charging services.
Data collection and processing
- Invitation to register:
- Data collected: E-mail address of the user
- Source: Transmission by the charge point operator (CPO)
- Purpose: Sending an invitation to register for Community Charging
- Registration and conclusion of contract:
- Data collected: E-mail address, password, first and last name, billing address, payment method
- Source: Direct input by the user in our eCharge+ app
- Purpose: Creation of a user account, conclusion of a contract between vaylens and the user
- Billing and payment processing:
- Processed data: Name, billing address, payment method details, billing data
- Purpose: Monthly billing of charging processes and automatic collection of the invoice amount
Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, the contract between us and you, which is concluded by your registration in the app.
Data recipients and service providers
For the provision of Community Charging, we work with the following service providers within the framework of order processing:
- Nitrobox GmbH, Hamburg, Germany: Billing of B2C customers
- Stripe Payments Europe, Limited, Dublin, Ireland: Processing of B2C payments as a payment service provider
Storage duration
- Contract and invoice data: Retained for the statutory period of 10 years after termination of the contract
- Payment method details: Are stored by our payment service provider Stripe for approx. 10 years in accordance with legal requirements
Use of analysis and marketing tools
We use various analysis and marketing tools to optimize our website and improve our services. Below we inform you about the tools we use and the associated data processing.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies and similar technologies to help us analyze and improve our website.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymization so that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
We use Google Analytics to analyze and regularly improve the use of our website. We use the data collected by Google Analytics to monitor and analyze web traffic, user interactions and the effectiveness of campaigns. This data helps us to improve the performance of the website and optimize the user experience.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
You can find further information on data protection from Google at https://policies.google.com/privacy?hl=de
Google Ads and remarketing
We use the services of Google Ads to draw attention to our products and services. We also use remarketing functions that enable us to display targeted advertising to users of our website on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). We use data to track the performance of marketing campaigns, target specific user demographics, measure the success of these campaigns, track user conversions and optimize ad targeting based on user behavior and preferences.
For this purpose, a cookie is set by Google when you visit our website, which contains a pseudonymized identification number (ID). With the help of this ID, Google can record your use of our website and link it to your actions on other websites in the Google advertising network.
The legal basis for the use of Google Ads and remarketing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
You can find more information about Google Ads and Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de
We use LinkedIn to track user interactions and target advertising on the LinkedIn platform. The data collected is used for advertising purposes, analysis and to improve the user experience on LinkedIn. You can find more information on data protection at LinkedIn in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
The legal basis for the use of the LinkedIn Insight Tag is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
HubSpot
We use HubSpot to track user interactions, create user profiles and customize marketing communications based on user behavior and preferences. This data is used to improve interaction and personalize the customer experience.
The legal basis for the use of HubSpot is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/privacy-policy
Cookies
Purposes of processing
We use the Cookiebot service to use cookies in a legally compliant way. The service gives you the opportunity to object to the setting of certain cookies and to consent to the setting of other cookies. Your preferences are stored in your browser in the form of required cookies.
We use cookies to personalize content and ads, provide social media features and analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the Services.
Legal base
The legal bases for setting cookies are Art. 6 (1f) GDPR for necessary cookies and Art. 6 (1a) GDPR for marketing and analytics functions.
Legitimate interest
Please see the information in the consent dialog.
Recipients or categories of recipients
Please see the information in the consent dialog.
Data Transfer to Third country
Please see the information in the consent dialog.
Storage periods
Please see the information in the consent dialog.