Data Privacy

1. Scope of Application

The following data protection guideline is applicable to eco-volta AG. It also applies to divisions and subsidiaries of ecovolta AG that have been founded or will be founded in the future.

2. Legal Basis Data Processing

This privacy policy informs you about the nature, scope and purpose of the processing of personal data within ecovolta AG (hereinafter referred to as "we" or "us") and our affiliated domestic and foreign companies. It applies integrally on- and offline and regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile). As a Swiss company with a European orientation, we adhere to the data protection regulations of both Switzerland and the European Union. In order to always remain technically as well as legally up to date, training and further education as well as training of our employees are of great importance. As a business partner and user, you can be sure that we produce secure and high-quality products, and that your data will always be treated securely, legally and confidentially.

For the legal terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the European General Data Protection Regulation (hereinafter DSGVO).

The term "business partners and users" includes all categories of persons affected by data processing. In particular, they also include interested parties and other visitors to our offers, both online and offline. The terms used are to be understood as gender-neutral.

The processed personal data of business partners and users include the following

1. Inventory data (e.g. names and addresses of business partners and users),
2. Contractual data (e.g. services used, names of clerks, payment information),
3. Usage data (e.g. web pages visited on our website, interest in our products) and
4. Content data (e.g. entries in the contact form, energy consumption data, billing data on energy consumption, energy data).

We point out that the processing of personal data is intended only for the provision of our services. For the receipt of the newsletter, a double opt in solution is implemented, which always allows us to track your consent and, if necessary, to prove it before supervisory authorities or to delete it in case of revocation.

3. Security Measures

We take various technical, organizational and contractual security measures in accordance with the state of the art. This is to ensure that both Swiss and European data protection regulations are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Safety measures include, in particular:

1. The encrypted transfer of data between your end devices and our server.
2. For this purpose, we use asymmetric 256-bit encryption, the most secure technology on the market today in this area. Of course, we follow the development and adapt our security measures if necessary.
3. The database in which all personal data is stored is also encrypted.
4. Registration for our app or for the newsletter is only possible through double authentication. This way we ensure that only the owner of a valid email address gets access to the app or newsletter. Each newsletter email also contains a link to unsubscribe from the newsletter.
5. All data is stored exclusively in Europe. The GDPR introduced a data protection regime in Europe to improve the security of your personal data and to give you more control over your personal data. Of course we comply with these new regulations.

4. Disclosure of Data to Third Parties and Third-Party Providers

Data is only passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) DSGVO for the provision of our services. If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant regulations. If content, tools or other means from other providers (hereinafter collectively referred to as "third party providers") are used within the scope of this data protection declaration and their named registered office is located in a third country, it is to be assumed that a data transfer to the third party providers' countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place exclusively if, according to the assessment of the EU Commission, the target country can demonstrate an adequate level of data protection, i.e. a so-called adequacy decision according to Art. 45 GDPR exists for the target country. Alternatively, we base our data transfer only on a clear legal or contractual basis.

5. Purpose of Data Processing

In order to provide and optimize services, we process the following data based on Art. 6 para. 1 lit. b DSGVO:

1. Inventory data (e.g. names, addresses and contact details of users).
2. Contract data (e.g. services used, names of contact persons, payment information).

6. Creating a User Account

In order to use our services, you must create an account that gives you access to our software solutions. Depending on the business partner's and user's relationship with us, different software solutions will be enabled and different data required to provide the service will be collected.

7. Account of the Personal Data Processed.

The content and contract data can be viewed through the account, other data related to the website can be requested by sending a request to info@eco-volta.com

During registration, users are provided with the required mandatory information, usually first name, last name and e-mail address. The user accounts are not public and cannot be indexed by search engines.

Within the scope of the registration and later renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, e.g. to protect users from misuse and other unauthorized use. This data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c DSGVO. If additional contracts are concluded between us and our business partners and users, we also store the data required for the fulfillment and traceability of these contracts.

In order to provide the services, configuration, authorization and control data of the controls managed by our cloud system are also stored in an encrypted database. This data is only associated with the controller itself and, since it is generated or used by the controller itself, is also linked to the controller and not to a person (with the exception of the authorization data, which is linked both to a controller and to individual users or their e-mail addresses). Accordingly, in the event of a change of ownership, ownership of this data is transferred to the purchaser along with ownership of the controller.

8. Contacting

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and processing it in accordance with Art. 6 (1) lit. b) DSGVO. The user's details may be stored in our customer relationship management system ('CRM system') or comparable inquiry organization.

9. Comments and Contributions

When users leave comments or other contributions, their IP addresses are stored on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. DSGVO are stored for seven days.

This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be held accountable for the comment or post and are therefore interested in the identity of the author. We expressly reserve the right to delete content that is relevant under criminal law.

10. Collection of Access Data and Log Files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

11. Cookies

For the use of cookies, we refer you to our Cookie Policy.

12. Newsletter

With the following instructions, we inform you about the contents of our newsletter, the registration, dispatch and statistical evaluation procedure as well as your rights. By subscribing to our newsletter, you agree to receive it and to the described procedures.

Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Our newsletter contains information about products, offers, promotions and about our company.

Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

Dispatch service provider: The newsletter is dispatched using "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with the European level of data protection. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

Furthermore, according to its own information, the dispatch service provider may use this data in pseudonymized form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to address them itself or to pass them on to third parties.

Registration data: To sign up for the newsletter, it is sufficient to provide your e-mail address.

Statistical collection and analyses: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether the newsletter is opened, when it is opened and which links are selected. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The analyses serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The use of the dispatch service provider, the implementation of the statistical surveys and the analyses as well as logging of the registration process, are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users.

13. Termination and Revocation of Consent

You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. This will simultaneously terminate your consent to its dispatch by the dispatch service provider and to the statistical analyses. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible for technical reasons. You will find a link to cancel the newsletter at the end of each newsletter. If you have only registered for the newsletter and cancelled this registration, all personal data will be deleted.

14. Integration of Third Party Services and Content

Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they cannot send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. The 'pixel tags' can be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymized information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer as well as be linked to such information from other sources. The following presentation provides an overview of third-party providers and their content, along with links to their data protection statements, which contain further information on the processing of data and, in part, already mentioned here objection options (so-called opt-out).

Third party providers we work with:

1. Maps of the service "Google Maps" of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
2. Videos of the platform "YouTube" of the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

Third-party providers at the request of the customer:

1. If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and the privacy notices of the respective
2. Third-party providers, which are available within the respective websites or transaction applications. We have no influence on the privacy policies of third-party providers.

15. User Rights

While contract and content data can be viewed directly via the app, we will inform you about stored inventory and usage data upon request at info@eco-volta.com. Art. 20 DSGVO is guaranteed at all times as far as technically feasible and in accordance with the legal provisions. In addition, you have the right to correct incorrect data, restrict processing and, under certain conditions, delete your personal data. In the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If you do not agree with the data processing required to fulfill the contract, you have the right to terminate the contract. For our part, we also reserve the right of termination if you object to the provision of data required to provide the service. If you have any questions about your rights, please contact our data protection officer at info@eco-volta.com.

16 Deletion of Data

The data stored by us will be deleted as soon as a user explicitly requests this and the deletion does not conflict with any legal retention obligations. If the user's data is not deleted because it is stored for a longer period on the basis of a clear legal basis, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law. Data may be stored longer due to legal requirements of the customer's country of residence. If the data to be deleted is the basis of a service to be provided by us, this may no longer be guaranteed and the business relationship will be terminated.

17 Right of Objection

You may object to the future processing of your personal data in accordance with the legal requirements in Art. 21 DSGVO. The objection can be made in particular against processing for direct marketing purposes. To do so, send an e-mail to info@eco-volta.com. The objection may lead to the termination of the business relationship on the next possible termination date, provided that the data processing is indispensable for the contractually assured service.

18. Changes to the Privacy Policy

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. If parts are changed to which you have given your consent, you will be informed by e-mail and asked to agree to the changed conditions again. If you do not wish to do so, you have the right to terminate the contract.

You are requested to inform yourself regularly about the contents of the data protection declaration. However, you will be informed of any changes to this privacy policy by e-mail and you will receive the link to the version of the privacy policy that will apply in the future. If you have any questions about this data protection declaration, please contact our company data protection officer at info@eco-volta.com.