Last update: November 2021
E-GAP S.r.l., in order to properly perform Our work, collect and use information about You and therefore we are committed to protecting and respecting Your privacy. This Privacy Policy (hereinafter, the “Policy“), as set forth in Article 13 of European Regulation No. 679/2016 (hereinafter, “GDPR” – General Data Protection Regulation), describes your rights with respect to the information collected that We process and the measures We take to protect Your data.
Index:
- Data Controller and useful definitions for an informed reading.. 2
- Data Controller. 2
- Legal basis of the treatment. 2
- Which Personal Data do we collect, how do we use it and where do we process it?…………………………………………… 3
- Your Rights 6
- Changes to this Privacy Policy.. 7
1. Data Controller and useful definitions for an informed reading
First of all, you should know that when we talk about “E-GAP” or “We” we refer to E-GAP S.r.l. (C.F. and P. IVA 14253861000), in the person of the legal representative pro tempore, with registered office in Via Parigi, 11 – 00185 Rome, a company that deals with the development, production and marketing of innovative products or services, of high technological value, for the electric mobility in the cities.
E-GAP is the “Data Controller“.
When we speak of “Customer” or “User” we refer to you as the recipient of our services.
With the term “Services” and / or “Products” we mean all the products and services that we offer and that you can purchase through the E-GAP application, or through the Web platforms that we make available to you.
When we refer to “Devices” or “Computers” we mean any technological device, connected to the Net, through which you interact with Us.
Finally, when we speak of “Personal Data” or “Data” we refer both to the data that You provide us directly for the use of our services and to the data that are automatically collected, related to Your interaction with our website and with our App.
When we refer to “Processing” we are referring to the processing of your Personal Data.
2. Data Controller
E-GAP has appointed a Data Processing Manager who can be contacted at the following address e-mail: privacy@e-gap.com.
3. Legal basis of the treatment
As provided for in Article 6 of the GDPR, E-GAP processes your Personal Data only in the presence of a suitable legal basis provided for by the applicable law on the subject and for the achievement of specific purposes. In particular, the legal basis that legitimizes the Processing of Personal Data provided by you may be:
- your express, free, specific, informed and unequivocal consent;
- the performance of a contract to which you are party or the performance of pre-contractual measures taken at your request; or
- to comply with legal requirements.
In particular, we process your Personal Data for the following purposes:
- to provide you with the assistance you wish to receive, in performance of the obligations arising from the General Conditions, the GDPR and/or the provision of services ancillary and/or related to such contracts. In such cases, please note that, under the GDPR, the acquisition of your consent is not required if the processing is necessary for the performance of obligations under the contract to which you are a party, or if the processing is necessary to fulfill – prior to the conclusion of the contract – your specific requests or for the execution of pre-contractual measures;
- when you register on our website and on our App, by creating your profile (your account) you will allow us to process your requests, provide you with our Services and communicate with you via chat, SMS, e-mail or telephone in order to perform said Services by responding to your requests;
- in some cases, to carry out an action in the public interest and, when we use particular categories of Personal Data, to initiate, prosecute or defend legal proceedings, or when the processing involves Personal Information that is manifestly in the public domain;
- as our business continues to develop, we may sell or buy other companies or services. Generally, in such transactions, customer data is part of the business assets being transferred but remains subject to the content of the preceding Privacy Policy that may apply (unless, of course, the client agrees otherwise).
4. Which Personal Data do we collect, how do we use it and where do we process it?
By reason of the Services we offer, we may only process your Personal Data if you are at least 16 years old.
also, we do not sell your Personal Data to third parties and process it primarily within the European Union. Whenever Personal Data is transferred outside the European Union, we will ensure that it is transferred in accordance with this Policy and applicable laws.
We receive and retain any Data you provide to us in an informed, unequivocal, specific, and free manner in connection with the Services we offer. You may choose not to provide certain Data but, if you do, you may not be able to take advantage of some of our Services.
You provide us with your Data voluntarily when you download and use our App on your device and when you enter it in the “my profile” section (my account). When you configure your device settings by providing permissions to access Data – such as, for example, your geolocation – you may communicate with us by phone, email, or chat (including within the App), or fill out a form requesting our help.
The Personal Data you provide to us through interaction with your device on our website or App are:
- your name, email address, and phone number;
- your job and position;
- if you wish to invoice for Services in the name of a legal entity, your company details;
- Documents relating to your identity and possibly your company;
- e-mail addresses of your friends and other people you think may be interested in our Services;
- the contents of reviews and emails sent to us;
- log files and configurations of your device, including wi-fi credentials, if you choose to automatically synchronize them with your other devices;
- the data required to make payments for any Services requested.
Please note that all the Data listed will be required to enable us to provide the Services, only if you request it.
4.1 Automatic collection of some Data
The Personal Data we automatically collect, and use are:
- your internet protocol (IP) address when you connect to internet;
- your email address and password you choose to access our Services;
- information about your Computer, Device and connection, such as device applications or browser type and version, operating system or time zone setting;
- the location of your Device or Computer;
- the telephone numbers you use to call us and your interaction with the content on our Website.
We use personal information for direct email marketing if you have accepted this option on the relevant contact form. You can opt out of receiving any more marketing communications when you wish. To learn more, please also read the section on Cookie Policy.
4.2 Use of Personal Data
Personal Data will be collected and processed by us for the following purposes:
- we use your personal information to receive and process your requests, provide our Products and Services, and communicate with you about the Products, Services, and any promotional offers
- to provide the Services that you have requested through registration on the website and the creation of your account;
- to provide certain “additional services”, including through the assistance and/or collaboration of third party suppliers;
- to provide you with assistance when you request it by contacting us via e-mail, chat or telephone;
- to tailor content and resources to your preferences and the preferences of other Users;
- to communicate with you, respond to your requests or questions via phone, chat or email;
- to send you other information and email communications that may be of interest to you;
- to create, publish and improve content that is most relevant to you and other Customers;
- to ensure that the content provided through our website is presented in the most effective manner for you, based on your Device;
- to allow you to participate in interactive features of the Website, if you so desire;
- to send push notifications directly to your device;
- to further develop the Website and our systems to provide you with a better Service.
You are under no obligation, either by law or by contract, to provide us with your Personal Data. However, since providing and consenting to the use of your Personal Data is necessary for the provision of all our Services and “additional services” that we may offer you, failure to provide and/or consent to the use of your Personal Data will make the provision of the Services and “additional services” impossible, as it is subject to the knowledge of some of your Personal Data, such as, for example, your first and last name, your e-mail address and telephone number, your location, your address, your telephone number, and the name of the person you are contacting..
Where failure to provide certain Personal Data makes it impossible for us to provide the Service or to provide you with the information you request, the Data you must provide will be marked as mandatory (* Mandatory Fields).
The use of the Personal Data described above is permitted by the GDPR, based on:
- necessary for our legitimate interests in pursuing the above purposes. These interests, in any case, do not conflict with your right to privacy;
- necessary – in some cases – to fulfill our legal or regulatory responsibilities, for example in case of communication to authorities, governmental or regulatory bodies;
- necessary – in some cases – to carry out an action in the public interest and, when we use particular categories of Personal Data, necessary to initiate, prosecute or defend legal proceedings, or when the processing relates to Personal Information that is manifestly in the public domain;
- in limited circumstances, and with your express consent, to send you news and marketing communications via email or telephone.
If you wish and, therefore, with your express consent, your Personal Data may be used for advertising and promotional purposes regarding our business or that of a third party, in the following ways:
- sending information and newsletters;
- marketing of our Services and/or those of a third party, sending advertising/information/promotional material and participation in initiatives and offers aimed at rewarding our Clients;
- market research, economic analysis and statistics;
- evaluation of usage data and preferences through the use of analytical tools in order to adapt the content to the interests of users and thus improve our offer;
- surveys of customer satisfaction with the quality of the Services provided;
- creation of user profiles;
- for the purposes of carrying out and accounting for any commercial transactions.
4.3 Sharing of Personal Data with Third Parties
We do not sell your Personal Data to third parties.
However, E-GAP may disclose your Data to companies within its group or controlled by it that are subject either to this Policy or otherwise to procedures that provide protections similar to those described in this Policy.
To aid in the efficient use of information and to provide Users with content and/or resources, information may be disclosed to third parties. However, such disclosure will only occur under the following circumstances:
- we use other companies and individuals to perform certain activities on our behalf. For example, to process Your orders, send You paper mail and e-mail, remove recurring information from customer lists, analyze data, provide marketing assistance, provide search results and links;
- we also use third-party vendors to process payments, deliver content, calculate credit risk, and provide customer support services;
- we disclose account and other personal information when we believe such disclosure is required by law; to enforce or apply our Terms of Use and Sale and other agreements; or to protect the rights, property, and safety of E-GAP, our customers, or others. This includes exchanging information with other companies and organizations that provide fraud prevention or credit risk reduction;
- on our web pages we have bound the use of so-called “social plug-ins” of social networks such as Facebook, Twitter, and Google+ to the following conditions. When browsing our website, the social plug-ins are deactivated, i.e., they do not send any data to the operators of the respective social networks. If you want to use one of the social networks, you must click on the respective social plugin to establish a connection with the corresponding server. If you have a user account with the social network and you are logged in when activating the social plug-in, the social network can associate your visit to our web pages with your user account. If you want to prevent this, you must log out of the social network before activating the social plug-in. If you activate a social plug-in, the social network transmits the content made available directly to your browser, which then links it to our website. In this case, there may also be data transmission initiated and managed by the respective social network. Your connection to a social network, data transmissions between the social network and your system and your interactions on this platform are exclusively subject to the data protection regulations of the respective social network. The social plug-in will remain active until you deactivate it or delete your cookies.
These third-party service providers have access only to the Personal Data that is necessary for the performance of their activities, but they will not be able to process the Data they learn about for any other purpose. In addition, these third-party service providers are required to process all Personal Data of which they become aware in accordance with this Privacy Policy and applicable regulations.
In cases other than those listed above, Your Personal Data will be shared with third parties only with Your explicit consent and You will have the opportunity to choose whether or not to allow further third-party communications.
4.4 Data Processing
Your Personal Data may be transferred to, and processed in, one or more countries within or outside the European Union.
Whenever Personal Data is transferred outside the European Union, we will ensure that it is transferred in accordance with this Policy and applicable laws; in such cases, your Personal Data will remain bound to the purposes for which it was collected, in strict confidence and security. In addition, in the event that Data is transferred to countries outside the European Union that are not deemed adequate by the European Commission according to the parameters of privacy protection, we will ensure that – in each case – the parameters of this Policy are met or that at least one of the conditions set out in Article 49 of the GDPR is met.
4.5 IP addresses and cookies
We collect information about the Computer and your Device, including (where available) IP address, operating system, and browser version, for system administration. This is statistical data about our Users’ browsing actions and behaviors.
For the same reason, we may obtain information on Users’ use of the Internet in general, by means of a cookie file, generated by the server, and stored on the Device, in full respect of your privacy.
Cookies help us improve the Site and provide better content and make it more targeted according to your preferences. There are different types of cookies, (i) the “essential” ones that do not require your consent, such as session and functional cookies, without which it would not be possible to safely navigate the site and obtain the requested service, and (ii) the “consensual” ones that require explicit consent and can be disabled by you at any time from your device.
For more information about our use of cookies on the site, please see our Cookie Policy.
4.6 Data Security. Where Personal Data is stored and processed
We are committed to taking all steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy.
As explained in section “4.3 Sharing of Personal Data with Third Parties”, we share your Data with third party suppliers, contractors, or agents, but – even when we use them – the Personal Data remains under our control, while still ensuring that it is adequately protected.
E-GAP has designed all systems through which your Personal Data is collected, stored, and processed to the highest security standards to ensure that your privacy is respected.
All individuals who will participate in the process of processing Data on our behalf have been trained, instructed, and appointed by us to ensure that your privacy is respected.
The software we use is Salesforce and – with respect to the methods and payment of our Services and, therefore, the management of your Credit Card Data – we use Stripe. However, despite the continuous updating of the aforementioned software, nothing is absolutely impenetrable and therefore we cannot guarantee its total security.
From time to time, we may request confirmation of your identity and payment methods again in order to implement our physical, electronic, and internal security measures.
4.7 How long do we store your Data?
We retain your Personal Data to enable you to use the Services on an ongoing basis and for as long as necessary to provide you with the Services you have requested, as well as to comply with anything else set out in this Privacy Policy, such as for tax and accounting purposes or – subject to your consent – for our business purposes.
In addition, we keep your transaction history so that you can review the purchases you have made and where you have requested our Services to be provided.
4.8 Do we process your Data using an automated process?
E-GAP may process your Data through automated systems/processes and automated decision making (such as profiling) to provide you and our Customers with the Services you requested in the best way possible. For example, in order to implement the Services in the areas with the highest demand for our intervention, we may perform an automated profiling process to identify the areas where we should focus.
5. Your Rights
Pursuant to Articles 15-22 of the GDPR, to which we refer for further discussion, you have the right to:
- access and obtain a copy of your Personal Data;
- request the rectification of your Personal Data. In fact, where you are able to demonstrate that the Personal Data we hold about you is not correct, you have the option to request that we update or rectify such Data;
- request the deletion and/or oblivion of your Personal Data. In certain circumstances, you have the right to have your Data erased and the request can be made at any time; E-GAP will consider whether it can be granted; however, this right is subject to legal obligations that may require us to retain the Data;
- obtain the restriction of the processing of your Personal Data;
- if technically feasible, you may obtain Personal Data relating to you in a structured, commonly used, machine-readable format and transmit it to another data controller without any restrictions;
- oppose the processing.
To the extent that the processing of Personal Data is based on your consent, you also have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of any processing based on consent given prior to such withdrawal.
You may also file a complaint regarding the processing of Personal Data with your local Privacy Guarantor.
6. Changes to this Privacy Policy
The terms of this Privacy Policy may change from time to time. We will post any material changes to this Privacy Policy on our website or by contacting you through other channels.
Questions, comments, and requests regarding this Policy are welcomed and should be addressed to E-GAP S.r.l., at the following e-mail: privacy@e-gap.com.