Imprint

Service Provider

Andreas Götz
Gubiner Str. 15
30880 Laatzen
Email address: info@evcc.io

Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both within the scope of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

As of: April 26, 2021

Table of Contents

• Introduction
• Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Transfer of Personal Data
• Data Processing in Third Countries
• Business Services
• Provision of the Online Offer
• Deletion of Data
• Changes and Updates to the Privacy Policy
• Rights of Data Subjects
• Definitions

Controller

Andreas Götz
Gubiner Str. 15
30880 Laatzen

Email address: info@evcc.io.

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

• Inventory data (GitHub profile and sponsorship level).
• Meta/communication data (IP addresses, hostnames).
• Contract data (vehicle type and access data for vehicle APIs).

Categories of Data Subjects

• Interested parties
• Customers
• Users

Purposes of Processing

• Provision of our online offer.
• Management and response to inquiries.

Relevant Legal Bases

The following is an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject's request.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, specific provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of employment (§ 26 BDSG), especially with regard to the establishment, performance, or termination of employment relationships, as well as the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the respective access, input, transfer, securing of availability, and separation. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we take the protection of personal data into account already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transfer of Personal Data

In the course of our processing of personal data, it happens that the data is transferred to other entities, companies, legally independent organizational units, or persons or is disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place within the scope of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this only occurs in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, contractual obligation through so-called EU standard contractual clauses, when certifications are present, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Provision of the Online Offer

The online offer is operated on servers of Fly.io, Inc. (2045 West Grand Avenue Ste B, Chicago, IL 60612). We refer to the corresponding privacy policy.

We use GitHub to provide the sponsorship function as well as to generate the login token. We refer to the corresponding privacy policy.

Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their permitted consent is revoked or other permissions cease to apply (e.g., if the purpose of the processing of this data ceases to apply or they are not required for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.

Our data protection notices may also contain further information on the retention and deletion of data, which take precedence for the respective processing operations.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting us.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw consents given at any time.
• Right of access: You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain access to such data, as well as further information and a copy of the data in accordance with the legal requirements.
• Right to rectification: You have the right to request the rectification of inaccurate data concerning you and the completion of incomplete data in accordance with the legal requirements.
• Right to erasure and restriction of processing: You have the right to demand the immediate deletion of data concerning you, or alternatively, in accordance with the legal requirements, to demand the restriction of the processing of the data.
• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined mainly in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily to aid understanding. The terms are listed alphabetically.

• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Controller: The "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Created with the free privacy policy generator by Dr. Thomas Schwenke