Vassbotnen 23, 4033 Stavanger, Norway
Company registration number: 920 292 046
At Easee ASA (“Easee”, “we”, “us”, “our”), we are committed to protecting the privacy rights of our customers, vendors, business partners, job applicants, website visitors and other persons we interact or do business with.
Easee collects personal data in connection with product sales and provision of charging services, creation of user profiles in the Easee app/Easee Cloud (portal), use of Easee Pay, provision of customer support and newsletters, and in connection with recruitment processes.
2 CATEGORIES OF PERSONAL DATA, PURPOSE AND LEGAL BASIS
Easee processes personal data about private customers, contact persons of our business customers, suppliers and other collaborating partners, subscribers to our newsletters, users of Easee’s website who have accepted cookies, users of our application and cloud solution and others who contact Easee, e.g., by using the contact form on Easee’s website. If you apply for a vacant position in Easee, we will process your personal data as part of considering your job application.
2.2 How and when we collect personal data
Easee collects your personal data in various ways, such as:
- when you submit information in connection with a purchase of our products or
- when you register a user profile in our app or portal,
- when you interact with our website,
- when you use the Easee app, Easee Pay or Easee portal,
- when we correspond with you via telephone/email/the contact form on our website
- when we receive your personal data directly from you or from your employer or client, in connection with our collaboration with suppliers, business customers or other partners.
- when you apply for a vacant position at Easee
- when you participate in our competitions or promotional prize draws
Please note that you are not obliged to provide personal data to Easee. However, without submitting your personal data, you will not be able to access and utilise Easee’s app or Easee Pay and cloud solution, and Easee will be unable to provide you with customer support or respond to your inquiries.
2.3 Categories of Personal data, purpose, and legal basis
Easee processes different categories of personal data for the following purposes and legal basis:
2.3.1 Web shop sales
When you place an order using our web shop Easee will process personal data about you, such as your name, contact information, credit card and payment information etc. The legal basis for such processing is Art. 6 (1) lit. b GDPR, since the processing is necessary for the performance of a purchase agreement entered into with you when you made a purchase from us, including to deliver your product and invoice the agreed purchase price.
2.3.2 Use of Easee’s app or portal (Creation of Easee Cloud Account)
When you use our app or portal Easee will process personal data about you, such as name, phone number and email address of private owners and administrators of a charging station or other products and users with access to a product. Further, the address of and technical information about a site, the products installed on the site, consumption or usage history, customers’ purchase history, serial number, customer number, name and ID of key chips, the approximate location of the product and diagnostics data are processed. If a product is connected to a WiFi network, the network’s SSID and password are processed.
The purpose of the processing is to allow users to gain access to products and installations requiring internal authentication, to administrate installations and charging stations and other products, to enable users to see the product history for an installation, to enable users to see their own charge history, to be able to look up and manage user’s access to a site or product and to enable users to log into the Easee app. The app uses the same login and database as Easee’s cloud solution, and your contact information is connected to the sites and products you have access to.
The personal data we require when you register a user profile is necessary to confirm your identity and prevent your user profile from being misused or duplicated.
The legal basis for the processing is Art. 6 (1) lit. b GDPR, since the processing is necessary to fulfil an agreement with you relating to the use of Easee’s interfaces and cloud solution (e.g. Our End User Terms of Service relating to the use of Easee, Installer app or portal) or an agreement entered into with you when you purchased our product, as well as Art. 6 (1) lit. f GDPR based on our legitimate interest in information technology and data security and providing good customer service, e.g., by offering you the opportunity to update your personal data in the Easee app.
2.3.2 Use of Easee Pay
When you choose to use our Easee pay services, Easee will process personal data about you, including your name, phone number, email address, credit card and payment information, billing address, charging history (including the amount of KWh charged), RFID keys, etc. The purpose of the processing is to enable you pay for EV charging sessions. We use Adyen as a third-party payment processing and acquiring company to collect and process payment information.
If you submit payment information, we will share with Adyen information such as your encrypted debit/credit card details, bank account details (if submitted), payment details, billing address, device fingerprint, IP address, currency etc. For some of the information’s, Adyen acts as a data processor under the relevant data protection laws and processes your information on our behalf. In addition, Adyen may process your personal data as a data controller to provide acquiring services, comply with legal obligations or perform “Know your customer” checks. Further information on Adyen data protection practice.
The legal basis for the processing is Art 6(1) b of the GDPR, since the processing is necessary to fulfill an agreement with you relating to the use of Easee Pay for EV Charging payments (e.g. Easee Pay End User Terms of Service).
2.3.3 Customer Support
When you submit support requests relating to Easee services, we will process personal data about you, such as product number, customer name, address, location, and any other personal data included in your inquiry. By interconnecting various non-sensitive personal data such as the abovementioned, Easee will be able to provide customized customer support. The legal basis is Art. 6 (1) lit. b GDPR, where the processing is necessary for performance of a contract with you. This processing of your data otherwise occurs on the basis of Art. 6 (1) lit. f GDPR, based on our legitimate interest in providing you the best possible customer support.
2.3.5 Respond to other inquiries we receive
When you contact us for any other inquiry (other than customer support) or to make complaints relating to our services, Easee will process personal data such as name, email address and/or phone number and any personal data included in the inquiry or a complaint. The purpose of the processing is both to handle and document the inquires or complaints. The legal basis of the processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest to assert your identity and effectively handle inquiries or complaints.
2.3.6 Administration of our relations to business customers, suppliers and other partners
If you are the contact person at our customers, suppliers, or other partners, Easee will process your personal data such as name and contact information ,in addition to personal data contained in contracts, ongoing commercial correspondence, invoices, minutes of meeting etc., for relation or contract management purposes. The legal basis of the processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest to administer our relations to business customers, suppliers and other partners, including to communicate with our contact persons.
2.3.7 Provision of newsletters
If you wish to receive newsletters, Easee will process your personal data such as name and email address, provided that we have the legal basis to do so. The legal basis of the processing is Art. 6 (1) lit. a GDPR, your consent to receive newsletters from us. You may withdraw your consent at any time through the Easee cloud or by contacting us using the contact details provided in this policy.
2.3.8 Improvement of Easee’s services
Easee will process your personal data contained in technical analyses, logs and information on the use of the Easee app or Easee portal for the purpose of generating statistics and analyses, in order to improve our services and enhance the user experience, as well as ensuring the stability in our services. Personal or technical data from your devices used for such purposes are aggregated and anonymized, such that you may not be identified as an individual person based on the statistics or analyses generated as a basis for the improvement of our services.
Please note that some of our products are equipped with position sensors enabling us to identify where the product is installed. Even though you have not provided us with your address in the user profile, we will be able to identify the products’ position through their cellular connection. This information is required for safety reasons and will only be used for troubleshooting and product development purposes.
The legal basis for the abovementioned processing is Art. 6 (1) lit. f GDPR, our legitimate interest to optimize and ensure the stability and safety of our services.
If you are located in Germany and have given consent to the processing of data from position sensors as described above, the legal basis is Art. 6 (1) a GDPR (Consent).
2.3.9 To improve our website, and to enhance the user experience
2.3.10 Recruitment for vacant positions
If you applied for a vacant position at Easee, we will process your personal data such as CV, school reports, application letters, certificates, references and other information you may provide. The consequence of not providing such information is that we may not consider your application or offer you a position in Easee. The personal data are collected from the applicant or from the references provided. The legal basis for such processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest to assess your qualifications and suitability for a job you apply with us and to communicate with you in the recruitment process and document our employment process. By applying for a position in our company and sending us documentation, we consider you to request our assessment of the provided documentation, to carry out interviews and call your references with a view to enter into an employment agreement. In addition, if you have given your consent to store your information for longer than a year for potential future vacancies, the legal basis is Art. 6 (1) a GDPR (Consent). You may withdraw your consent at any time by contacting us using the contact details provided in this policy.
2.3.11 Compliance with statutory requirements and legal obligations
We will also process your personal data to comply with our statutory obligations under the applicable accounting or other legislation and with orders from public authorities. In this case, the legal basis of the processing is Art. 6 (1) lit. c GDPR, necessary to comply with applicable legal requirements that we must follow.
2.3.12 Ensuring the rights of Easee or third parties
In some cases, Easee will process your personal data such as name, email address, charging history and others in order to establish, exercise or defend legal claims we believe to have, or that are directed towards us by customers, suppliers, partners, other third parties or public authorities. The legal basis of the processing is Art. 6 (1) lit. f GDPR based on our or third parties legitimate interest to establish, exercise or defend legal claims for the enforcement of our rights or the rights of third parties.
2.3.13 To enable Participations in competitions and promotional events
If you wish to enter competitions or promotional prize draws, Easee will process your personal data such as name, email address and contact details provided that we have the legal basis to do so. The legal basis of the processing is Art. 6 (1) lit. a GDPR, your consent to enter the competition or promotional events, including prize draws. You may withdraw your consent at any time through the Easee cloud or by contacting us using the contact details provided in this policy.
3 SECURITY, RETENTION, AND TRANSFER OF YOUR INFORMATION
Easee values your privacy rights and has taken reasonable steps to protect the users’ privacy, including by implementation of physical, technical and organisational measures, to prevent loss, alterations, theft and unauthorized access to information stored and otherwise processed.
Easee will store your personal data as long as it is necessary to fulfil the purposes for processing as defined above and will as a main rule delete personal data within three years after termination of the contract for use of Easee’s app, pay and/or cloud solution or upon the individual user’s request.
Emails from customers that are sent to our support email address will be stored up to three years from the date the matter was resolved.
If the legal basis for the processing of personal data is consent, Easee will cease the processing of personal data if the consent is withdrawn. You may withdraw your consent at any time.
Job applicants’ personal data will be stored during the recruitment process. If the applicant is not employed in Easee, the personal data will be deleted within 12 months from the position was filled, unless the job applicant has consented to a further storage period.
However, please note that continued storage of personal data may be necessary due to statutory obligations to which Easee is subject, e.g., storage for accounting purposes, or due to Easee’s legitimate interests, e.g., for the purpose to establish, exercise or defend a legal claim. In those, circumstances, Easee will make sure only limited and necessary personal data will be processed.
Anonymised information, i.e., information that cannot be linked to a natural person, may also be subject to continued storage.
Transfer of personal data
When you use our products and services, your personal data may be subject to processing or storage outside the EU/EEA, including in the United States. In such cases, Easee will ensure that the personal data is subject to appropriate safeguards, including using only companies self-certified under the EU-U.S Data Privacy Framework or entering into EU Standard Contractual Clauses with the recipients of the data. Please contact us if you require further information.
4 FOR WHOM WE DISCLOSE YOUR INFORMATION
Easee will only disclose personal data to third parties to the extent Easee has legal basis for such disclosure. Where relevant, we will disclose your personal data for the following recipients:
4.1 Other Companies within the Easee Group:
To the extent necessary to fulfill any of the purposes stated in section 2.3 above, your data is shared with other companies and subsidiaries within the Easee group. Currently, all Easee group companies and subsidiaries are located within the EU/EEA.
4.2 Service providers:
Easee uses third parties (data processors) to collect, store or otherwise process personal data on our behalf, including in relation to our hosting services etc. Such third parties also include our social media providers, as clarified in section 6 below. The relationship to such suppliers is governed by a data processor agreement, which among other things ensures confidentiality and information security for your personal data.
4.3 Public authorities:
Easee may disclose personal data to public authorities in order to comply with statutory requirements or orders from the authorities, e.g., to comply with obligations under the applicable accounting or tax legislation. The relevant government agency will be data controller for the personal data disclosed in such instances.
4.4 Partners and others:
we may also disclose your personal data to affiliates of Easee, business partners or other collaborators for business proposes. If necessary and lawful, we may disclose your personal data to our advisers or other relevant third parties in certain circumstances, such as in connection with disputes.
5 OWNERS AND ADMINISTRATORS OF PROFESSIONAL CHARGING SITES
Please note that when you use a professional charging site, your historic log and user data relating to the charging session will be processed by the owner or administrator of that charging site. The user data contains personal data such as name, Easee key alias, email address and phone number.
Such data are usually processed for invoicing and for statistical and technical purposes, including ensuring charging stability and similar. The relevant professional charging facilities are the data controller for their processing of such personal data. Please contact the charging facilities for further information on their processing of your personal data.
6 LINKS TO THIRD PARTY WEBSITES, SERVICES AND SOCIAL MEDIA PLATFORMS
7 YOUR DATA PROTECTION RIGHTS
As a data subject, you are entitled to obtain access to the personal data we process about you, request that Easee updates or corrects your personal data and/or withdraw any consent to processing. In some circumstances, you are also entitled to request that your personal data is erased, request restriction of processing or object to processing and/or request data portability. In order to exercise your rights, you may contact Easee by using the contact information stipulated in section 1 above.
You are also entitled to lodge a complaint with the relevant supervisory authority if you believe that Easee’s processing of your personal data is contrary to relevant data protection laws. In Norway, the supervisory authority is Datatilsynet.
8 AUTOMATED DECISION MAKING
We do not use any personal data collected from you for any automated decision-making process (including profiling).
We will obtain your consent before initiating any changes in the processing of personal data that require your consent.
10 GOOGLE TAG MANAGER
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.
We use the Google Tag Manager based on our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools. When using Google Tag Manager, Easee transfers website users IP address to the USA. On July 10, 2023, European Commission approved its adequacy decision for the EU-U.S. Data Privacy Framework. This means Personal data can flow safely from the EU/EEA to U.S. companies that are self-certified under the Data Privacy Framework, without requiring additional data protection safeguards. Google LLC is self-certified under the EU-U.S. Data Privacy Framework.
11 GOOGLE ANALYTICS
Our website and Easee Portal uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.
Google will use this information on behalf of the operator of this website and Easee Portal to evaluate your use of the website, the Portal and to create reports on website and Portal activity. Google will also use this information to provide the website operator with further services related to the use of the website, the Portal, and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
We have concluded a Data Processing Agreement with Google in which we oblige the service provider to protect the data of our customers and not to share them to third parties. Furthermore, Google is self-certified under EU-U.S. Data Privacy Framework. This means that personal data can flow from EU/EEA, specifically from Easee ASA to Google LLC in the U.S. without requiring any additional safeguards.
User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin.
12 GOOGLE ADS REMARKETING
Our website uses Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Provided you have given us your consent, this tool enables the advertising target groups created with Google Ads Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. This means, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account.
To support this feature, Google Analytics collects authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account; follow this link: https://adssettings.google.com/.
As described in section 10 above, Google is self-certified under EU-U.S. Data Privacy Framework, and its processing of personal data is in accordance with EU law (GDPR).
Further information and the data protection provisions can be found in Google’s data protection declaration.
13 FACEBOOK CUSTOM AUDIENCES
We use “Facebook Custom Audiences” on our website, a remarketing tool from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland (hereinafter referred to as “Facebook”).
Facebook Custom Audiences enables us to display interest-based advertisements, so-called “Facebook Ads”, to visitors to our website when they visit the social network Facebook or when they visit other websites that also use Facebook Custom Audiences. A pixel (Facebook pixel) from the provider of the same name, Facebook (see above), is used for this purpose.
By using “Facebook Custom Audiences” in connection with Facebook Pixel, your web browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data that is collected by Facebook through the use of Facebook Custom Audiences. As far as we know, Facebook receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you have a Facebook user account and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook will find out and save your IP address and possibly other identification features.
We use Facebook Custom Audiences for marketing and optimization purposes, in particular to place relevant and interesting ads for you and thus improve our offer and make it more interesting for you as a user. The legal basis for Facebook Custom Audiences and the Facebook Pixel is Art. 6 para. 1 lit. a GDPR (consent).
We have concluded an order processing contract with our service provider Facebook, in which we oblige them to protect our customers’ data and not to pass them on to third parties.
Since personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Paragraph 2 lit. c GDPR.
Furthermore, Facebook (Meta Platform Inc) is self-certified under EU-U.S. Data Privacy Framework. This means that personal data can flow from EU/EEA, specifically from Easee ASA to Meta in the U.S. without requiring any additional safeguards.
In addition, you can deactivate cookies, which are used for range measurement and advertising purposes, via the following websites:
We would like to point out that this setting will also be deleted if you delete your cookies.
Last updated: 21.09.2023