EO Charging Website Data Protection Notice
Effective Date: 10 October 2023
Version number: 2.0
1. Introduction
Juuce Limited trading as EO Charging (referred to as “we” “our” and “us”) is a company registered in England and Wales under company number 09314212 and is committed to protecting the privacy and security of your personal data. We have developed this privacy notice to inform you of the personal data we collect, what we do with your personal data, what we do to keep it secure as well as the Rights you have over your personal data.
Throughout this notice we refer to data protection legislation which includes the UK GDPR and other applicable laws including (but not limited to) the EU GDPR 2016, the Privacy Electronic Communication (EC Directive) Regulations (“PECR”) 2003 and the e-privacy Directive. This also includes any new or replacement legislation which may come into effect from time to time.
EO Charging is a data controller as we have determined the purposes of why personal data should be collected and processed.
As we are based and headquartered in the United Kingdom (UK) we are registered with the Information Commissioners Office (the ICO) with registration number ZA787899. We also have registered offices in Italy, Australia, New Zealand and the USA.
You can contact our head office using the following details:
Post:
Tomo House
Tomo Road
Stowmarket
IP14 5AY
United Kingdom
Phone: +44 (0)333 77 20383
Email: hello@eocharging.com
We have a Data Protection Officer (DPO) who can be contacted via DPO@EOCharging.com if you would like to raise or discuss any data protection matters, complaints and/or concerns directly to them.
2. Lawful Basis for Data Processing
Data protection legislation requires EO Charging to identify an appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:
Consent, to register and use our chargers and products (non-commercial customers).
Contractual Obligation, to take the necessary steps to enter into and conclude contracts of employment.
Legal Obligation, where needed for tax reasons such as UK HMRC purposes.
Vital Interests, where needed in case of emergency disclosures and the individual cannot give their consent.
Legitimate Interests, to help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with.
There may be instances of where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race and ethnicity as examples, but where identified and needed, we will ensure the relevant special conditions are applied and documented where needed.
3. Data Subjects
Due to the different services we offer and our business activities, we may process personal data of the following individuals (“data subjects”):
Customers
Commercial clients (including prospective clients)
Enquirers/complainants
Job applicants
Employees
Vendor/Suppliers
The above list is representative and non-exhaustive.
4. Personal Data Collection
We collect personal data through different means such as:
When you send us an enquiry
Register as a customer
Contact us via telephone, email or letter
Download and use our Apps
When you apply for one of our job vacancies
Through marketing lists
Contact us on social media
Through our vendors/suppliers
The above list is representative and non-exhaustive.
5. Personal Data Processed
We may process the following sets of personal data:
Name
Postal address
Email address
Phone number
Job details
Recruitment data (including CVs and cover letters)
IP address
Product data (e.g. product serial number, charge times, profile data, metadata etc)
The above list is representative and non-exhaustive.
6. How We Use Personal Data
We may use personal data for various activities (i.e. purposes) which can include the following activities:
To process orders and answer any product enquires
Charger installation enquiries and support
Cloud/App services support
To send any marketing communications
Process job applications
Onboarding of new employees
Process payments and other financial activities
To monitor website usage
Action any data subject right requests
Seek your views or comments on the services we provide
Notify you of changes to our services
Handle an enquiry or complaint you have made
The above list is representative and non-exhaustive.
For more information to how we process personal data you can contact us as detailed above.
7. EO Charging Mobile Apps
We have available on the Apple Store and Google Market mobile phone apps (which can also be used on tablet devices) to help our customers manage their chargers remotely and help create profiles linked to chargers that are purchased.
Our Apps are made by us and not with or by any external third parties and collect very minimal personal data to what is needed. The apps all require a user’s consent in line with the UK PECR/EU e-Privacy Directive and will not function without a users consent.
The Apps do not use cookies and are hosted within our network which is based in the EU.
We have ensured users have control and access to their app data at all times, and if a user decides to delete their profile, our apps will not retain the data and a new account will need to be created. Please note in line with our data retention practices, we only retain data of accounts once deleted for 14 days, after which it is permanently deleted and not recoverable.
Our mobile apps may also send push notifications to inform and alert users if their chargers may be experiencing and faults or to send any important alerts which do not rely on a user’s consent (e.g. new app versions ready to be installed).
For more information you can contact us using our details above.
8. Call Recordings
Calls into our telephone lines are recorded and held for 90 days and automatically deleted at the end of the retention period. We record calls for training and monitoring purposes. For more information you can contact us using our details above.
9. Recruitment and Criminal Data Processing
We have a separate recruitment privacy notice on our website which details how we process personal data in line with our recruitment activities. We also use recruitment agencies in the UK only to help best place people within our organisation. More information to our use of agencies can be found in our recruitment privacy notice and you can contact us using our details above.
Some of our roles may require a criminal background check but this is only for positions that may involve being on client sites and those who deal with sensitive client information. EO Charging does not have official authority to conduct these checks and we will only utilise an approved third party to help those who require checks to be contacted and to help with this screening process. This should not deter anyone from applying for our roles that may require such checks as they could significantly help and contribute to our organisation.
For more information you can contact us using our details above and view our Recruitment Privacy Notice on our website.
10. Children’s Personal Data
Our services are not designed for children of any age. If we do become aware of any children’s data being processed, we will take all reasonable steps and efforts to remove their personal data where identified.
11. Data Sharing
We do not sell, rent, or lease personal data pertaining to our customers or clients (including prospective’s) at any time.
Due to the nature of our business, there may be times we are required to share data with other departments or members of our organisation. Examples of this can include (but not limited to):
Customer requests/concerns/complaints
Recruitment purposes
Service issues/support including cloud/charger issues
We may also share data with our third-party vendors/suppliers as and when needed to help fulfil some of our business activities, such as recruitment as mentioned above.
Please note there may also be instances where we may need to share personal data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
12. International Data Transfers
Due to the global nature of our organisation, there may be instances where we may need to transfer and share your data with other EO Charging employees or other organisations (e.g. vendors, service suppliers, law enforcement bodies etc.) who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country or in other third countries who may not have robust or similar data protection laws to the UK/EEA. If we need to transfer your information globally where required, we will take steps to ensure that appropriate safeguards are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.
13. Marketing Communications
We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. You can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You can opt out by contacting us directly using our details mentioned above.
14. Website Links
This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to a website’s privacy notice when using it.
15. Cookies
We use cookies on our website. More information to cookies can be found in our cookie notice, and you can also change your consent via our website too.
16. Automated Decision-Making
We do not carry out any automated decision-making within our organisation. If this was to change, we will be sure to update this notice and provide details to when this would apply.
17. Data Retention
As a data controller we will retain personal data to provide our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
We will retain personal data for as long as necessary in line with various requirements, such as for example, best practice recommendations (e.g. ICO recommendations), relevant guidelines (e.g. ACAS guidance) or for as long as mandated under specific legislation (e.g. HMRC requirements). We will also determine appropriate retention periods based on our legitimate interests where identified.
At the end of the retention period personal data will be securely deleted or anonymised.
18. What Happens If Our Business Changes Hands?
We may from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.
19. Data Security
As mentioned above we take security of personal data seriously, and we have certifications to various data security frameworks such as Cyber Essentials, Cyber Essentials Plus and ISO 27001, and we review our certifications annually.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.
20. Data Protection Rights
If you are based in the UK/EEA you have several Rights to how an organisation processes your personal data. The Rights are as follows:
Right to be informed
Right to access data
Right to rectification
Right to erasure
Right to restrict processing
Right to objection
Right to portability
Right not to subject to automated decision making and profiling
If you would like to exercise any of the above Rights you can do so by sending us a written request using our details mentioned above.
Please note we may ask for ID (e.g. passport scan, drivers license etc) to verify identity where needed. Upon successful verification we will delete and remove all copies of ID received.
Should we also require extension of time to help fulfil any Right requests, we will be sure to contact requestors as soon as possible with reason(s) why an extension is needed and when Right requests can be fully carried out and completed.
21. Concerns and Complaints
We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.
You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via this link.
If you are based anywhere within the EEA a list of supervisory authorities can be found via this link.
22. Review and Updates
We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.