Privacy Policy

We provide the English version of our privacy policy as an information service. In case of doubt, the German language version shall always prevail.

Controller

vaylens GmbH

Business address:
Ezzestraße 8
44379 Dortmund
Germany

M: help@emobility.software

VAT ID: DE352928826

Management: Dr. Gregor Schmeken, Jörg Lohr

Responsible for content according to § 18 Abs. 2 MStV: Philipp Graf

Data Protection Officer

Dipl.-Inf. (FH) Karsten Schulz (GDDcert.EU)

schulz@datenschutz.systems

M: +49 151 22631968

Website and hosting

Purposes of the processing

We log technical data in the web server logs every time our website is accessed in order to ensure operational security and to be able to investigate and rectify faults. The web server access logs record which pages have been accessed and when. They contain the following data: IP address, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.

Legal basis

Art. 6 para. 1 lit. f GDPR, our legitimate interest in being able to operate the website securely and to ensure a defined external presentation.

Legitimate interest

To ensure the operational security of our website and to defend ourselves against cyber attacks.

Recipients or categories of recipients

Our web services are hosted as part of order processing in accordance with Art. 28 GDPR.

Data transfer to third countries

No.

Storage duration

The IP addresses are stored for 6 months. Error logs that record incorrect page views are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.

For further investigations into unusual activities or attacks, the data remains stored until the investigation has been completed and any legal claims have been clarified.

Contact and communication with you

Purposes of the processing

If you contact us by email, contact form, telephone or post, we will process your data in order to fulfill your request and any resulting activities. These activities may include: The processing of inquiries, applications, service requests as well as maintaining contact, providing advice and advertising for our products and services, analyzing our processes and measures to improve process quality.

We process the information that you provide to us, such as names, contact details, e-mail addresses and telephone numbers and, of course, the content of your request.

Legal basis

The legal basis may be Art. 6 (1) (f) GDPR, our legitimate interest in communicating with you and processing your request, or Art. 6 (1b) GDPR in order to carry out necessary pre-contractual or contractual measures. If you have given us your consent, Art. 6 (1) (a) GDPR is the applicable legal basis.

Legitimate interest

Our legitimate interest in responding to inquiries, including informal inquiries, as well as in providing comprehensive advice on our products and services and referring to the same or similar products and services.

Recipients or categories of recipients

In addition, we use the services of service providers as part of order processing in accordance with Art. 28 GDPR, for example to secure e-mail traffic and to comply with quality features and to process your service requests. Some of the processing may take place in the USA. In order to guarantee the level of data protection at EU standard, the EU standard data protection clauses are usually agreed with the respective service providers and special technical and organizational protective measures are provided.

Data transfer to third countries

We may transfer your personal data to third countries outside the European Economic Area (EEA) in accordance with applicable data protection laws. When transferring personal data to countries that do not provide an adequate level of data protection as determined by the European Commission, we use Standard Contractual Clauses (SCCs) to ensure that appropriate safeguards are in place. For transfers to the United States, we may use service providers that are participants in the EU-U.S. Data Privacy Framework. This framework ensures that these service providers meet the necessary standards for data protection and have undertaken to comply with the data protection principles set out in this framework.

Retention periods

As a rule, a deletion process is initiated when the processing operation has been completed. In certain cases, the actual processing is followed by further processing, such as the required retention periods. For example, emails with tax-relevant content are stored in accordance with the statutory retention periods (e.g. 6 years for commercial letters in accordance with the German Commercial Code (HGB), 10 years for tax documents in accordance with the German Fiscal Code (AO)) and then deleted.

Webinars and Digital Events

We utilize Livestorm, a third-party platform, to host our webinars and digital events. The registration forms for these events are embedded on our website via iframes. When you register for an event, your contact information is directly transmitted to our Customer Relationship Management (CRM) system, currently HubSpot, and soon to be Salesforce, to manage event communications and logistics.

Please be aware that the Livestorm iframe operates independently of our website's cookie settings. This means the registration form remains visible and functional even if you decline cookies. The personal data you provide via these forms is processed in accordance with our data protection policies and is solely used for event-related purposes.

Your application

Purposes of the processing

If you apply to us, we will process your data to the extent necessary until the application process has been completed.

Legal basis

Art. 6 para. 1 lit. b GDPR in order to process your application, which constitutes an invitation to conclude an employment contract, as part of our application procedure.

Recipients or categories of recipients

We use the services of service providers as part of order processing in accordance with Art. 28 GDPR to carry out personnel administration.

Data transfer to third countries

No.

Storage periods

If you are hired, the necessary data from your application will be stored in your personnel file. Data that is not required will be deleted. In the event of rejection, your data will be deleted 2 months after completion of the application process.

Social media

Purposes of the processing

We also communicate with you via various social media channels. When using these platforms, the respective data protection declarations always apply.

In detail, these are (as of 2023-06-02):

• YouTube (privacy policy: policies.google.com/privacy) 
• LinkedIn (privacy policy: www.linkedin.com/legal/privacy-policy) 
• Instagram (privacy policy: help.instagram.com/519522125107875) 
• Twitter (privacy policy: twitter.com/en/privacy) 
• Facebook (privacy policy: www.facebook.com/policy.php) 
• Xing and Kununu (privacy policy: privacy.xing.com/de/datenschutzerklaerung)

Legal basis

Art. 6 para. 1 lit. f our legitimate interest and Art. 6 para. 1 lit. a GDPR for the cases for which you have given us your consent.

Legitimate interest

Implementation of corporate communications and ensuring a defined external image.

Recipients or categories of recipients

The social media platforms listed above, some of which also process personal data in third countries such as the USA. All of these services share personal data, e.g. with contracted third-party providers for the provision of outsourced services, with authorities if you are legally obliged to do so or if there is a suspicion of a breach of the law, and with new business owners in the event of a company takeover or insolvency.

Retention periods

In accordance with the privacy policies of the social media platforms.

Newsletter

Purposes of the processing

We use a newsletter service for communication and external presentation.

Legal basis

Art. 6 para. 1 lit. a GDPR, your consent to the newsletter with double opt-in.

Recipients or categories of recipients

We use the services of Mailchimp from The Rocket Science Group, LLC as part of order processing in accordance with Art. 28 GDPR to send the newsletter. Part of the processing takes place in the USA. The EU standard data protection clauses have been agreed with the service provider in order to guarantee the level of data protection at EU standard DPA).

Data transfer to third countries

We use Standard Contractual Clauses (SCC) with Mailchimp to ensure that appropriate safeguards are in place.

Storage periods

After you have unsubscribed from the newsletter, your personal data will be deleted.

Direct mail to acquire new customers

Purposes of the processing

The personal data is processed for the purpose of acquiring new customers.

Legal basis

Art. 6 para. 1 lit. f GDPR, our legitimate interest in carrying out direct advertising. The source of the personal data is Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany.

Legitimate interest

Direct advertising

Recipients or categories of recipients

None

Data transfer to third countries

No

Retention periods

The personal data will be deleted immediately after the purpose has been fulfilled or after the mailing has been sent.

Credit check

Purposes of the processing

Checking the creditworthiness of customers

Legal basis

Art. 6 para. 1 lit. f GDPR, our legitimate interest.

Legitimate interest

The legitimate interest in protecting against payment defaults.

Recipients or categories of recipients

Service providers for creditworthiness information, for example Creditsafe Berlin, Deutsche Factoring Bank Bremen.

Storage duration

The information is stored for the duration of the business relationship.

Forms on the website

Purposes of the processing

We use Tally.so, an online form creation tool that allows us to collect data from users. It allows us to easily create customized forms for various purposes, e.g. for registration, surveys, feedback and the like.

Legal basis

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR, our legitimate interest in offering improved usability of our portal.

Legitimate interest

We use Tally.so tools to give users the opportunity to get in touch with us and to transmit information to us in a simple way, as they are ideal for mapping and supporting our business processes.

Recipients or categories of recipients

Tally.so, August van Lokerenstraat 71, 9050 Ghent, Belgium, is the company that processes the form data as a processor in accordance with Art. 28 GDPR.

Data transfer to third countries

No.

Retention periods

The personal data will be deleted immediately after the purpose has been fulfilled and then removed from the data backups after 90 days.

Community Charging

As part of our "Community Charging" feature, we process personal data of electric vehicle users (hereinafter referred to as "users"). This processing is carried out for the purpose of providing and billing charging services.

Data collection and processing

• Invitation to register:   
  • Data collected: E-mail address of the user 
  • Source: Transmission by the charge point operator (CPO) 
  • Purpose: Sending an invitation to register for Community Charging
• Registration and conclusion of contract:   
  • Data collected: E-mail address, password, first and last name, billing address, payment method 
  • Source: Direct input by the user in our eCharge+ app 
  • Purpose: Creation of a user account, conclusion of a contract between vaylens and the user
• Billing and payment processing:   
  • Processed data: Name, billing address, payment method details, billing data 
  • Purpose: Monthly billing of charging processes and automatic collection of the invoice amount 

Legal basis

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, the contract between us and you, which is concluded by your registration in the app.

Data recipients and service providers

For the provision of Community Charging, we work with the following service providers within the framework of order processing:

• Nitrobox GmbH, Hamburg, Germany: Billing of B2C customers 
• Stripe Payments Europe, Limited, Dublin, Ireland: Processing of B2C payments as a payment service provider 

Storage duration

• Contract and invoice data: Retained for the statutory period of 10 years after termination of the contract 
• Payment method details: Are stored by our payment service provider Stripe for approx. 10 years in accordance with legal requirements 

Use of analysis and marketing tools

We use various analysis and marketing tools to optimize our website and improve our services. Below we inform you about the tools we use and the associated data processing.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies and similar technologies to help us analyze and improve our website.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymization so that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

We use Google Analytics to analyze and regularly improve the use of our website. We use the data collected by Google Analytics to monitor and analyze web traffic, user interactions and the effectiveness of campaigns. This data helps us to improve the performance of the website and optimize the user experience.

The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

You can find further information on data protection from Google at https://policies.google.com/privacy?hl=de

Google Ads and remarketing

We use the services of Google Ads to draw attention to our products and services. We also use remarketing functions that enable us to display targeted advertising to users of our website on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). We use data to track the performance of marketing campaigns, target specific user demographics, measure the success of these campaigns, track user conversions and optimize ad targeting based on user behavior and preferences.

For this purpose, a cookie is set by Google when you visit our website, which contains a pseudonymized identification number (ID). With the help of this ID, Google can record your use of our website and link it to your actions on other websites in the Google advertising network.

The legal basis for the use of Google Ads and remarketing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

You can find more information about Google Ads and Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de

LinkedIn

We use LinkedIn to track user interactions and target advertising on the LinkedIn platform. The data collected is used for advertising purposes, analysis and to improve the user experience on LinkedIn. You can find more information on data protection at LinkedIn in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

The legal basis for the use of the LinkedIn Insight Tag is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

HubSpot

We use HubSpot to track user interactions, create user profiles and customize marketing communications based on user behavior and preferences. This data is used to improve interaction and personalize the customer experience.

The legal basis for the use of HubSpot is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/privacy-policy

 

Use of Session Cookies

On our subdomain for charging station onboarding, we use technically necessary session cookies. These cookies are essential for the functionality and smooth operation of our website. They are automatically deleted after 30 minutes of inactivity or when closing the browser.

Purpose: These session cookies serve solely to maintain your session during the onboarding process and ensure smooth navigation.

Storage duration: Maximum of 30 minutes after the last activity or until the browser is closed.

Legal basis: The use of these cookies is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as they are technically necessary for the provision of our service.

Consent for these cookies is not required. You can generally disable the use of cookies in your browser settings, however, this may limit the functionality of our website.

Cookies

Purposes of processing 

We use the Cookiebot service to use cookies in a legally compliant way. The service gives you the opportunity to object to the setting of certain cookies and to consent to the setting of other cookies. Your preferences are stored in your browser in the form of required cookies. 

We use cookies to personalize content and ads, provide social media features and analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the Services. 

Legal base 

The legal bases for setting cookies are Art. 6 (1f) GDPR for necessary cookies and Art. 6 (1a) GDPR for marketing and analytics functions.

Legitimate interest

Please see the information in the consent dialog.

Recipients or categories of recipients 

Please see the information in the consent dialog.

Data Transfer to Third country

Please see the information in the consent dialog.

Storage periods 

Please see the information in the consent dialog.