Privacy Policy

You can download our privacy policies here:

Privacy Policy Website (English)

Download

Privacy Policy SmartCable (English)

Download

Or you can read our privacy policies here:

Privacy Policy for the website

In this privacy policy we, ubitricity Gesellschaft für verteilte Energiesysteme mbh (EUREF-Campus 7-8, 10829 Berlin, Germany; in the following also named ”ubitricity“, ”we“ or ”us“) inform you about the processing of personal data when using our websites (in the following referred to as “website”).

Personal data is information that relates to an identified or identifiable person. This includes, above all, information that makes it possible to draw conclusions about your identity such as your name, telephone number, and address or email address. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term “personal data”.

You can print or save this privacy policy by using the usual functionality of your browser. You can also download and archive this privacy statement as a PDF file by clicking here.

1. Contact

Your contact person and so-called person responsible for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is

ubitricity Gesellschaft für verteilte Energiesysteme mbH

EUREF-Campus 7-8
10829 Berlin
Phone              +49 30 398 371 690
Fax:                 +49 30 398 371 699
Email:            dataprotection@ubitricity.com

For any questions about privacy in connection with our products or the use of our website, you can always contact our data protection officer. The data protection officer can be reached at the above postal address as well as at the previously stated email address (keyword: “for the attention of the data protection officer”). Please be aware that when sending an e-mail to this address the content will not only be accessible to the data protection officer. In case that you wish to get into contact with the data protection officer directly, please ask for his direct contact details.

2. Data processing on our website

2.1 Visiting our website / access data

When you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include in particular:

  • IP address of the requesting device
  • Date and time of your request
  • Address of the website visited and the requesting website
  • Information about your browser and operating system
  • Online identifiers (e.g. device IDs, session IDs)

The data processing of this access data is necessary to enable the visit of the website and to ensure the long-term functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above to provide statistical information on the use of our website in order to further develop our website in terms of the usage habits of our visitors (for example, when the share of mobile devices accessing our website increases) and to maintain and administer our website in general. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

The information stored in the log files does not allow any direct inference to your person – in particular, we store the IP addresses only in a shortened, anonymized form. The log files are stored for 30 days and archived after subsequent anonymization.

2.2 Contacting us

You can contract us via our contact form or directly via e-mail. The collection of information marked on the online contact form is required to process your request. These are your name and your email address. With regard to other data fields, you decide yourself whether and which information you want to make available to us.

The described processing of your data is carried out exclusively in so far and to the extent necessary for the communication with you. The legal basis for the described processing of your data insofar is Art. 6 para. 1 lit. b and f GDPR. The data collected in the context of your use of our online contact form will be deleted 30 days after processing of your query is finished, unless we require such data for a longer period of time due to contractual or statutory obligations.

Enquiries from the United Kingdom of Great Britain and Northern Ireland are processed by contact partners of ubitricity Distributed Energy Systems UK Ltd, a subsidiary of ubitricity G.f.v.E. mbH.

2.3 Arrangement of Meeting and Calls

To arrange a meeting or call, we partly use the tool “Calendly”, a service of Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363 USA. After filling out the contact forms and in some cases during the application process, Calendly shows you at what time our contact persons may be available for a personal interview and helps you to book the meeting. This requires you to provide your name, e-mail address and telephone number. With regards to the other data fields, you decide yourself whether and which information you want to provide. Calendly may process your data in the USA and we have concluded standard contractual clauses with Calendly in accordance with Art. 46 Para. 2 lit. c GDPR. You can find more information in Calendly’s privacy policy here.

As an alternative to using our calendar function through Calendly, you can also contact us via our contact form or directly by email to contact@ubitricity.com to arrange a meeting with us.  

The legal basis is the execution of the appointment according to Art. 6 para. 1 p. 1 lit. b, f GDPR. We process your data insofar as this is necessary for the purpose of the appointment with you and to answer your enquiry.

2.4 Customer Relation Management and Sales-Reporting for Corporate Customers

In order to process your enquiries, manage our production and sales processes and carry out pre-contractual measures, we process data that you provide to us in the course of sales and information discussions and when placing orders as a corporate customer. In particular, this concerns your product enquiries and potential sales figures. For this purpose, we use the tool “Pipedrive” from Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallin, Estonia. Pipedrive processes and stores your data in Germany and other parts of the European Union. However, Pipedrive also maintains sites in the USA, so it cannot be ruled out that data may be processed in the USA. For the situation that processing by Pipedrive itself or commissioned service providers takes place outside the European Union, we have concluded standard contractual clauses with Pipedrive in accordance with Art. 46 (2) lit. c GDPR. 

Enquiries from the United Kingdom of Great Britain and Northern Ireland are processed by contact partners of ubitricity Distributed Energy Systems UK Ltd, a subsidiary of ubitricity G.f.v.E. mbH.

The legal basis for this processing is Article 6 (1) sentence 1 lit. b and f GDPR.

2.5 Registration and Usage of Web Portals

SmartCable users can view some of their consumption and customer data in an ubitricity web portal (e.g. https://portal.mobilstrom.de or https://portal.ubitricity.co.uk/home) in order to be able to use the full range of functions of the SmartCable. For this purpose, we create an individual customer account for you and process your charging, billing and contact data.

The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

2.6 Newsletter

You have the option to subscribe to our newsletter, in which we keep you informed about new products and activities.

For the subscription to our newsletter, we use the double opt-in procedure. You can unsubscribe from the list anytime by using the respective unsubscribe link below every newsletter. Contacting us via mail or letter to the addresses given in the newsletter is of course also possible. The legal basis for data processing is your consent according to the Art. 6 para 1 lit. a GDPR.

We use “Mailchimp”, a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA, to send and manage our newsletters. MailChimp ensures compliance with data protection standards through standard contractual clauses that we have concluded with MailChimp in accordance with Art. 46 (2) lit. c GDPR. The details of your registration for the newsletter are transferred by us to MailChimp and remain stored there for as long as you are registered for the newsletter. We use standard market technologies in our newsletters to measure interactions with the newsletters (e.g. opening of the email, links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is only collected pseudonymously and is not linked to your other personal data. The legal basis for this is our legitimate interest in the needs-based design and continuous optimisation of our newsletter in accordance with Art. 6 para. 1 p. 1 lit. f GDPR and your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email program by default. After you have unsubscribed the newsletter, we will delete your contact data and anonymize remaining statistical data on your interaction with our newsletters within 30 days.

2.7 Applications and HR-Management

You can apply to us for open positions. We collect the following data in particular for the purpose of receiving and processing your application: First name and surname, e-mail address, application documents (e.g. references, CV), date of earliest possible start of employment and salary expectations, as well as all other information that you provide to us in your application documents.

For application and personnel management, we use the HR management tool Personio and an embedded recruiting page of the Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. You can submit your application data via the recruiting site. If an employment relationship is established following the application process, we also use Personio to manage your personnel and employment contract data.  

The legal basis for the processing of your application documents is Art. 6 para. 1 sentence 1 lit. b and Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG.

Applications for our London office are also processed by ubitricity Distributed Energy Systems UK Ltd, a UK subsidiary of ubitricity G.f.v.E. mbH.

3. Use of Cookies and Similar Technologies

This website uses cookies and similar technologies (collectively “tools”) provided either by ourselves or by third parties.

A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. Comparable technologies are in particular web storage (local / session storage), Fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or only stored with your prior consent. If you refuse cookies or similar technologies, you may not be able to use all of our services without problems.

In the following, the tools we use are listed by category, whereby we inform you in particular about the providers of the tools, the storage period of the cookies and the forwarding of the data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.

If – despite the greatest care – the information in the cookie banner contradicts that in this data protection declaration, the information in this data protection declaration takes precedence. 

3.1 Legal Basis and Revocation

3.1.1 Legal Basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR to enable you to use our website more conveniently and individually and to make use as time-saving as possible. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

We use all other tools, in particular those for analysis purposes, on the basis of your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR and in accordance with § 15 Para. 3 Sentence 1 TMG (German Telemedia Act), insofar as user profiles are created for the purposes of advertising or market research. Data processing with the help of these tools only takes place if we have received your consent in advance.

If personal data is transferred to third countries, we refer you to section 6 (“Data transfer to third countries”), also with regard to the possible associated risks. We will inform you if we have concluded standard contractual clauses or other guarantees with the providers of certain tools. If you have given your consent to the use of certain tools, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent.

3.1.2 Obtaining your Consent

To obtain and manage your consents, we use the Borlabs Cookie tool from Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, (“Borlabs”). This generates a banner which informs you about the data processing on our website and gives you the opportunity to agree to all, individual or no data processing by optional tools. This banner will appear the first time you visit our website and when you revisit your preferences selection to change them or withdraw consent. The banner will also appear on subsequent visits to our website if you have disabled the storage of cookies or the cookie has been deleted by Borlabs or has expired.

When you visit our website, Borlabs receives your consent or revocation, your IP address, information about your browser, your terminal device and the time of your visit. Borlabs also uses a necessary cookie to store your consents and revocations. If you delete your cookies, we will ask you for your consent again when you visit the site at a later date. The data processing by Borlabs is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Borlabs is Article 6 (1) sentence 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.

3.1.3 Withdrawing your Consent or Changing your Selection

You can withdraw your consent for certain tools at any time. To do so, click on the following link/button: Change preferences. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information on the cookies and the respective storage period. Alternatively, you can assert your revocation for certain tools directly with the provider.

3.2 Necessary Tools

We use certain tools to enable the basic functions of our website (“Necessary Tools”). Without these tools we would not be able to provide our service. Therefore, necessary Tools are used without consent on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR or for the performance of a contract or for the execution of pre-contractual measures pursuant to Art. 6 (1) sentence 1 lit. b GDPR.

3.2.1 Own Cookies

We use our own cookies in particular

  • for login authentication,
  • for load balancing,
  • to save your language settings,
  • to record that information placed on our website has been displayed to you ¬- so that it is not displayed again the next time you visit the website.

3.3 Analysis Tools

In order to improve our website, we use tools for the statistical collection and analysis of general usage behaviour based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.

The legal basis for the analysis tools is – unless otherwise stated – your consent according to Art. 6 para. 1 p. 1 lit. a GDPR. For revocation of your consent, see 3.1.3: ” Withdrawing your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 para. 1 sentence 1 lit. a GDPR). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

3.3.1 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The data generated in this context may be transferred by Google to a server in the USA for analysis and stored there.

We have made the following data protection settings for Google Analytics:

  • IP anonymisation (shortening of the IP address before evaluation so that no conclusions can be drawn about your identity).
  • Automatic deletion of old logs / limitation of the storage period to 24 months
  • Deactivated advertising function (including target group remarketing through GA Audience)
  • Disabled personalised ads
  • Disabled Measurement Protocol
  • Disabled cross-site tracking (Google signals)
  • Disabled data sharing with other Google products and services

The following data is processed by Google Analytics:

  • Anonymised IP address;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, time spent);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions), if applicable;
  • Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
  • Approximate location (country and city, if applicable, based on anonymised IP address).

Google Analytics sets the following cookies for the stated purpose with the respective storage duration:

  • “_ga” for 2 years and “_gid” for 24 hours (both to recognise and distinguish website visitors by a user ID);
  • “_gat” for 1 minute (to reduce requests to Google servers);
  • “IDE” for 13 months (third-party cookie to recognise and distinguish website visitors by a user ID, to record interaction with advertising and in the context of playing out personalised advertising).

We have concluded a Data Processing Agreement with Google for the use of Google Analytics as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can find more information on this in Google’s privacy policy.

3.4 External Media

We use tools from external media on our website, such as embedded videos or maps.

Unless otherwise stated, the legal basis for this is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR, which you give via the cookie banner or with the respective tool itself by individually allowing its use via a banner (overlay) placed above it. For the revocation of your consent, see 3.1.3: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 para. 1 sentence 1 lit. a GDPR). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

3.4.1 YouTube Videos

We have integrated videos into our website that are stored on YouTube and can be played from our websites if you have consented to this. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We have activated YouTube’s extended data protection mode. This means that Google does not receive any usage information or set any cookies until the user actively clicks on the play button. After this click, the video is played and Google sets its own cookies to improve its services and to play individualised advertising in the Google advertising network.

By visiting our website, YouTube and Google receive the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether you are logged in to YouTube or Google or not. YouTube and Google use this data for the purposes of advertising, market research and the needs-based design of their websites. If you call up YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not wish the association, it is necessary that you log out of Google before calling up our website.

In addition to revoking your consent, you also have the option of deactivating personalized advertising in Google’s advertising settings. In this case, Google will only display non-individualised advertising.

You can find more information in Google’s privacy policy, which also applies to YouTube.

3.4.2 Vimeo Videos

We have integrated videos into our website that are stored on the video platform Vimeo and can be played from our websites if you have consented to this. Vimeo is a multimedia service of Vimeo Inc, 555 West 18th Street, New York 10011, USA (“Vimeo”).

When you visit our websites, Vimeo receives the information that you have accessed the corresponding sub-page. This can occur regardless of whether you are logged in to Vimeo or not.

Vimeo may use this data for the purposes of advertising, market research and customising its websites. If you access videos on our websites while you are logged into your Vimeo profile, Vimeo may also link this event to your Vimeo profile. If you do not wish this association, you must log out of Vimeo before accessing our websites.

In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with Vimeo.

You can find more information in the Vimeo privacy policy.

3.4.3 Google Maps

Our website uses the map service Google Maps, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

In order for the Google map material used by us to be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you call up the respective part of the websites. This provides Google with the information that the respective part of the website was called up from the IP address of your device. In the event that personal data is transferred to the USA, Google has undertaken to comply with standard contractual clauses of the European Commission. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in the integration of a map service for contacting us.

If you call up the Google map service on our website while you are logged into your Google profile, Google may also link this event to your Google profile. If you do not wish to be associated with your Google profile, you must log out of Google before accessing our contact page. Google stores your data and uses it for the purposes of advertising, market research and personalised presentation of Google Maps. You can object to this data collection vis-à-vis Google. You can find more information on this in Google’s privacy policy and the additional terms of use for Google Maps.

4. Online Presence on Social Networks

We maintain online presences on social networks in order to communicate with customers and interested parties and to inform them about our products and services.

The users’ data is generally processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.

As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we, as operators of the online presences, can access.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, based on our legitimate interest in effectively informing users and communicating with users, or Art. 6 para. 1 sentence 1 lit. b GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The following links will also provide you with further information on the respective data processing and the options to object.

We would like to point out that data protection requests can most efficiently be asserted with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:

5. Forwarding of Data

The data collected by us will only be forwarded if:

  • you have given your express consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed,
  • we are legally obliged to disclose your data according to Art. 6 para. 1 p. 1 lit. c GDPR or
  • this is legally permissible and required in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures which take place at your request.

Part of the data processing may be carried out by our service providers and by our subsidiary ubitricity Distributed Energy Systems UK Ltd. In addition to the service providers mentioned in this privacy statement, this may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, other service providers and consulting companies. If we forward on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

ServiceCompanyProcessing Location
Group Servicesubitricity DES UK Ltd.Großbritannien
Server HostingALL-INKL.COM – Neue Medien MünnichDeutschland
Server HostingHetzner Online GmbHDeutschland
Server HostingAmazon Web Services Inc. Deutschland
Server HostingGoogle Ireland LimitedDeutschland

In addition, data may be disclosed in connection with official enquiries, court decisions and legal proceedings if this is necessary for legal prosecution or enforcement.

6. Data Transfer to Third Countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose data protection level does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequacy decision (Article 45 of the GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is provided for and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to record and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when obtaining your consent via the cookie banner.

7. Duration of Storage

In principle, we only store personal data for as long as is necessary to fulfil contractual or legal obligations for which we have collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidence purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at the earliest at this point in time according to the statutory limitation period.

Even after this date, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified therein for the retention of documents are two to ten years.

8. Your Rights

You have the right to request information about the processing of your personal data by us at any time. When you request information, we will explain the data processing to you and provide you with an overview of the data stored about you. If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose. You can also have the processing of your data restricted, e.g. if you are of the opinion that the data we have stored is incorrect. You also have the right to data portability, which means that we will provide you with a digital copy of the personal data we hold about you if you request it.

To exercise your rights as described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6 (1) lit. e or f GDPR. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where ubitricity is headquartered, the competent supervisory authority is: The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin, Germany.

9. Right of Revocation and Objection

In accordance with Article 7 (2) GDPR, you have the right to withdraw your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR and to provide us with reasons which arise from your particular situation and which, in your opinion, argue for an overriding of your interests worthy of protection. If you object to the processing of your data for direct marketing purposes, you have a general right of objection, which we will also implement without giving reasons.

If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the above-mentioned contact details.

10 Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art. To secure the personal data you enter on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

11. Changes to the Data Protection Declaration

From time to time, we may update this privacy policy, for example, if we change our website or if legal or regulatory requirements change.

Version: February 2021

Privacy Policy SmartCable

In this privacy policy, ubitricity Distributed Energy Systems UK Limited; Spectrum House, Unit 11 32-34, Gordon House Road,  London NW5 1LP; in the following also named ”ubitricity DES UK Ltd.“, ”we“ or ”us“) informs you about the processing of your personal data when using the ubitricity SmartCable and related services.

Personal data is information that relates to an identified or identifiable person. This includes, above all, information that makes it possible to draw conclusions about your identity such as your name, telephone number, and address or email address. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term “personal data”.

You can print or save this privacy policy by using the usual functionality of your browser. You can also download and archive this privacy statement as a PDF file by clicking here.

1. Contact

Your contact person and so-called controller (which is the person responsible for the processing of your personal data when using the Direct Access Charging) within the meaning of the EU General Data Protection Regulation (GDPR) is:

ubitricity Distributed Energy Systems UK Limited (ubitricity DES Ltd.)

Spectrum House · Unit 11 ·

32-34 Gordon House Road · London · NW5 1LP

email:  dataprotection@ubitricity.co.uk

For any questions on the subject of privacy in connection with our products and services, you can also contact our data protection officer at the above postal address as well as at the previously stated email address (keyword: “for the attention of the data protection officer”).

2. Data processing

2.1 SmartCable order and billing

When ordering a SmartCable we process the following data to fulfil our contractual obligations under our contract with you on the provision of our services.

  • Title,
  • First and last name,
  • Email address,
  • Password,
  • Billing and shipping address.

Optional details such as telephone and fax numbers can be stated, so we can contact you in case of queries also using these.

As part of the payment process, we collect and process the necessary payment data according to the payment method you have selected. When paying by credit card, these are the card number, the expiration date and the security code (“CVC”). In the case of payment by electronic direct debit, these are the name of the account holder, the IBAN and the BIC or SWIFT.

If you choose payment via Stripe Payment Europe Ltd. (The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, www.stripe.com, “Stripe”), an external payment service provider, data that are necessary for billing such as credit card data will be collected, processed and used by Stripe for this purpose only. Stripe is certified to PCI DSS. Stripe may process your Data in the USA. For further information please see Stripe’s privacy policy on https://stripe.com/de/privacy.

The collection and processing of this data is necessary for the purpose of fulfilling the contract with you for the purchase of our products. We only process your data to the extent necessary for this purpose. The legal basis of the data processing is Art. 6 para. 1 lit. b GDPR.

2.2 Customer support

When calling the customer support hotline or sending e-mails to our customer support, ubitricity DES UK Ltd. may process the following data for your inquiry and to fulfill our contractual obligation under our contract with you on the provision and use of the SmartCable and related services.

  • E-Mail address
  • Telephone number
  • Charging events data (date, time stamps of beginning and end of the charging process, charged kWh, location of charging process, ID-number of charging event, cost per charging event, statistics of charging events and costs)
  • ID-number of SmartCable and used SimpleSocket
  • Billing data
  • Customer address
  • Any other relevant data provided through telephone or e-mail by you

The legal basis of the data processing is Art. 6 para. 1 lit. b GDPR.

2.3 CleverPortal

After purchasing the SmartCable and related services, we will create a profile for you on our customer portal “CleverPortal” in order to fulfill our contractual obligation under our contract with you on the provision and use of the SmartCable and related services. Our Customer support will provide you with the login data, so you can monitor your power consumption and you have an overview of your contract data. For this purpose, following of your personal data will be processed:

  • Login data (login name, password), contact data (title, first and last name, address, country, email-address)
  • Portal data (language settings, time zone, location of browser, value added tax)
  • Charging events data (date, time stamps of beginning and end of the charging process, location of charging process, ID-number of charging event, cost per charging event, statistics of charging events and costs)
  • Contract data (invoices, contract number, contract term, electricity rate, name of device, device ID of used Smart Cable, meter number).

The legal basis for this processing is Article 6 para 1 lit b GDPR.

2.4 Charging and billing

When charging with the SmartCable, ubitricity DES UK Ltd. will process the following data to fulfil our contractual obligations under our contract with you on the provision of our services to enable and invoice the charging process:

  • E-Mail address
  • Charging events data (date, time stamps of beginning and end of the charging process, charged kWh, location of charging process, ID-number of charging event, cost per charging event, statistics of charging events and costs)
  • ID-number of SmartCable and used SimpleSocket
  • Billing data
  • Customer address

The legal basis of the data processing is Art. 6 para. 1 lit. b GDPR.

As part of the payment process, we collect and process the necessary payment data according to the payment method you have selected. When paying by credit card, these are the card number, the expiration date and the security code (“CVC”). In the case of payment by electronic direct debit, these are the name of the account holder, the IBAN and the BIC or SWIFT.

The collection and processing of this data is necessary for the purpose of fulfilling the contract with you for the purchase of our products. We only process your data to the extent necessary for this purpose. The legal basis of the data processing is Art. 6 para. 1 lit. b GDPR.

If you choose payment via Stripe Payment Europe Ltd. (The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, www.stripe.com, “Stripe”), an external payment service provider, data that are necessary for billing such as credit card data will be collected, processed and used by Stripe for this purpose only. Stripe is certified to PCI DSS. Stripe may process your Data in the USA. For further information please see Stripe’s privacy policy on https://stripe.com/de/privacy. The legal basis of the data processing is Art. 6 para 1 lit. b GDPR.

2.5 Customer Experience Surveys and Customer Experience Research

ubitricity DES UK Ltd. may ask you to participate in customer experience surveys and may analyze your charging data. ubitricity DES UK Ltd. is doing this based on your consent to this privacy policy and the legitimate interest to improve services. If you consent, the following data will be processed:

  • E-Mail address
  • Survey answers (such as contact details, charge data, customer satisfaction)
  • Data of the charging session (kWh, location, time, and duration of charging event)
  • Data of previous charging sessions, for which the SmartCable was used.
  • Data of previous direct access charging sessions, which were ordered with the same E-Mail address.
  • Any other data provided through the survey by you

The legal basis of the data processing is Art. 6 para. 1 lit. a and f lit. f GDPR.

3. Disclosure of data

A transfer of the data collected by us takes place only if:

  • You have given your express consent to this according to Art. 6 para. 1 lit. a GDPR
  • It is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.
  • We are required by law to disclose in accordance with Art. 6 para. 1 lit. c GDPR
  • Disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR required to assert, exercise or defend legal claims and no reason stands to assume that you have a predominantly legitimate interest in refraining from passing on your data,

Where this is necessary in order to provide you with our charging services and, thus, fulfill our contractual obligations resulting from the respective contract we have concluded with you, and insofar as permitted under law, we may share your pseudonymised data (i.e. place, duration and amount of any charging activity performed by you) with competent local government agencies in charge of charge points as well as with the TfL, London Councils and Greater London Authority.  Legal basis for such transfer of your data is the necessity of which for fulfillment of our contract with you on the provision of our charging services according to Art. 6 (1) b) GDPR.

In addition to the service providers mentioned in this privacy policy, your data may be transferred by us to the following of our service providers for the services set out as follows this may include, but is not limited to:

In addition, it may be disclosed in connection with government inquiries, court orders and legal proceedings if required for the prosecution or enforcement.If we transfer data to our above-mentioned service providers, they may only use the data to fulfill their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of the persons concerned and are regularly monitored by us.

Where data is transferred outside of the European Economic Area and the United Kingdom of Great Britain and Northern Ireland either Standard Contractual Clauses (SSC) or Binding Corporate Rules (BCR) are in place or the European Commission has ruled that the country ensures an adequate level of protection.

4. Data retention time

As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete or anonymize the data, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.

For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time.

With respect to any of your data that we collect and process based on your respective consent in the context or our Customer Experience Surveys and Customer Experience Research, such data will be stored by us for 4 years or – prior to that- until you withdraw your consent to the processing of your data as described in this paragraph, unless continued processing of your data is required and permitted under applicable statutory data privacy law.

Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.

5. Your rights

You have the right to request information about the processing of your personal data by us at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you. If data stored by us should be incorrect or out of date, you have the right to have this information corrected. You may also request the deletion of your data. If deletion is not possible by way of exception due to other regulations, the data will be blocked so that they are only available for this legal purpose. You can also limit the processing of your data, such as: For example, if you believe that the information we hold is incorrect. You also have the right to data portability, this means that we will send you a digital copy of the personal data you provide on request.

To exercise your rights as described here, you can always use the contact details above. This also applies if you wish to receive copies of warranties to demonstrate adequate data protection.

In addition, you have the right to object to data processing, which is based on Art. 6 para. 1 lit. e or f GDPR. Finally, you have the right to complain to the Data Protection Authority responsible for us. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged breach. In UK the competent supervisory authority is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, U.K.

6. Right of revocation and opposition

In accordance with Article 7 para. 2 of the GDPR, you have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and that, in your opinion, speak in favor of your legitimate interests. If it concerns an objection against the data processing for purposes of the direct advertisement you have a general right of objection, which is implemented also without the indication of reasons for us.

If you would like to exercise your right of revocation or objection, it is sufficient to send an informal message to the above-mentioned contact details.

7. Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as against access by third parties. These are adjusted according to the current state of the art. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you provide.

8. Changes to the data protection policy

Occasionally, we may update this privacy policy, for example, when we adapt our website or change the legal or regulatory requirements.

Version: 2.0 / Status: August 2020

Background element Background element Background element Background element Background element Background element Background element Background element
?
Get in contact Request information