EO Charging Website Data Protection Notice

Effective Date: 12 February 2024
Version number: 4.0

1. Introduction

Juuce Limited trading as EO Charging (referred to as “we” “our” and “us”) is a company registered in England and Wales under company number 09314212 and is committed to protecting the privacy and security of your personal data. We have developed this privacy notice to inform you of the personal data we collect, what we do with your personal data, what we do to keep it secure as well as the Rights you have over your personal data.

Throughout this notice we refer to data protection legislation which includes the UK GDPR and other applicable laws including (but not limited to) the EU GDPR 2016, the Privacy Electronic Communication (EC Directive) Regulations (“PECR”) 2003 and the e-privacy Directive. This also includes any new or replacement legislation which may come into effect from time to time.

EO Charging is a data controller as we have determined the purposes of why personal data should be collected and processed.

As we are based and headquartered in the United Kingdom (UK) we are registered with the Information Commissioners Office (the ICO) with registration number ZA787899. We also have registered offices in Italy, Australia, New Zealand and the USA.

You can contact our head office using the following details:
Post: 
Tomo House 
Tomo Road
Stowmarket 
IP14 5AY
United Kingdom

Phone: +44 (0)333 77 20383
Email: hello@eocharging.com

We have a Data Protection Officer (DPO) who can be contacted via DPO@EOCharging.com if you would like to raise or discuss any data protection matters, complaints and/or concerns directly to them.

2. Lawful Basis for Data Processing

Data protection legislation requires EO Charging to identify an appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:

• Consent, to register and use our chargers and products (non-commercial customers).

• Contractual Obligation, to take the necessary steps to enter into and conclude contracts of employment.

• Legal Obligation, where needed for tax reasons such as UK HMRC purposes.

• Vital Interests, where needed in case of emergency disclosures and the individual cannot give their consent.

• Legitimate Interests, to help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with.

There may be instances of where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race and ethnicity as examples, but where identified and needed, we will ensure the relevant special conditions are applied and documented where needed.

3. Data Subjects

Due to the different services we offer and our business activities, we may process personal data of the following individuals (“data subjects”):

• Customers

• Commercial clients (including prospective clients)

• Enquirers/complainants

• Job applicants 

• Employees

• Vendor/Suppliers

  
  

The above list is representative and non-exhaustive.

4. Personal Data Collection

We collect personal data through different means such as:

• When you send us an enquiry

• Register as a customer 

• Contact us via telephone, email or letter

• Download and use our Apps

• When you apply for one of our job vacancies

• Through marketing lists

• Contact us on social media

• Through our vendors/suppliers

   

The above list is representative and non-exhaustive.

5. Personal Data Processed

We may process the following sets of personal data:

• Name

• Postal address

• Email address

• Phone number

• Job details

• Recruitment data (including CVs and cover letters)

• IP address

• Product data (e.g. product serial number, charge times, profile data, metadata etc)
  
  

The above list is representative and non-exhaustive.

6. How We Use Personal Data

We may use personal data for various activities (i.e. purposes) which can include the following activities:

• To process orders and answer any product enquires

• Charger installation enquiries and support

• Cloud/App services support

• To send any marketing communications

• Process job applications

• Onboarding of new employees

• Process payments and other financial activities

• To monitor website usage

• Action any data subject right requests

• Seek your views or comments on the services we provide

• Notify you of changes to our services

• Handle an enquiry or complaint you have made
  
  

The above list is representative and non-exhaustive.

For more information to how we process personal data you can contact us as detailed above.

7. EO Charging Mobile Apps

We have available on the Apple Store and Google Market mobile phone apps (which can also be used on tablet devices) to help our customers manage their chargers remotely and help create profiles linked to chargers that are purchased.

Our Apps are made by us and not with or by any external third parties and collect very minimal personal data to what is needed. The apps all require a user’s consent in line with the UK PECR/EU e-Privacy Directive and will not function without a user’s consent.

App data is hosted within our network which is based in the EU.

We have ensured users have control and access to their app data at all times, and if a user decides to delete their profile, our apps will not retain the data and a new account will need to be created. Please note in line with our data retention practices, we only retain data of accounts once deleted for 14 days, after which it is permanently deleted and not recoverable.

Our mobile apps may also send push notifications to inform and alert users if their chargers may be experiencing and faults or to send any important alerts which do not rely on a user’s consent (e.g. new app versions ready to be installed). 

For more information you can contact us using our details above.

8. EO Cloud

We offer an online cloud solution to our customers to help optimise their charging experience. Our cloud solution is hosted in the UK and holds personal data of our users which can include:

• Names

• Contact information (email address and telephone number)

• Charger information (e.g. charger model, serial number)

• Charging and usage information (charge days, times etc)

Our cloud solutions will not process and store any special category personal data at any time.

Our software and production teams within the UK regularly review our cloud solutions to ensure they are accessible and the safety and security of personal data is not compromised.

More information to our cloud offerings can be found via our website or you can contact us using our details above.

9. Call Recordings

Calls into our telephone lines are recorded and held for 90 days and automatically deleted at the end of the retention period. We record calls for training and monitoring purposes. For more information you can contact us using our details above.

10. Recruitment and Criminal Data Processing

We have a separate recruitment privacy notice on our website which details how we process personal data in line with our recruitment activities. We also use recruitment agencies in the UK only to help best place people within our organisation. More information to our use of agencies can be found in our recruitment privacy notice and you can contact us using our details above.

We do not process any criminal conviction or offences data as part of our recruitment selection process, but will carry out a background screening check via a third party.

For more information you can contact us using our details above and view our Recruitment Privacy Notice on our website.

11. Children’s Personal Data

Our services are not designed for children of any age. If we do become aware of any children’s data being processed, we will take all reasonable steps and efforts to remove their personal data where identified.

12. Data Sharing

We do not sell, rent, or lease personal data pertaining to our customers or clients (including prospective’s) at any time.

Due to the nature of our business, there may be times we are required to share data with other departments or members of our organisation. Examples of this can include (but not limited to):

• Customer requests/concerns/complaints

• Recruitment purposes

• Service issues/support including cloud/charger issues
  

We may also share data with our third-party vendors/suppliers as and when needed to help fulfil some of our business activities, such as recruitment as mentioned above.

Please note there may also be instances where we may need to share personal data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.

13. International Data Transfers

Due to the global nature of our organisation, there may be instances where we may need to transfer and share your data with other EO Charging employees or other organisations (e.g. vendors, service suppliers, law enforcement bodies etc.) who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country or in other third countries who may not have robust or similar data protection laws to the UK/EEA. If we need to transfer your information globally where required, we will take steps to ensure that appropriate safeguards are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.

14. Marketing Communications

We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. You can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You can opt out by contacting us directly using our details mentioned above.

15. Social Media

We use social media sites such as Facebook, X (formerly Twitter), LinkedIn and Instagram to share news, updates and for promotional activities as a few examples. Our use of social media enables us to interact with customers (including potential customers), reach new audiences and showcase our products and services as a few examples. When you interact with us on social media through means such as “likes”, “shares” or leaving comments this enables us to see certain social media details (e.g. names, social media handles and photos). We don’t record or copy any social media profiles or details, but you should be aware when interacting with us on social media, other users or viewers can view your profile and any comments/feedback and it is your responsibility to ensure you have set up suitable and appropriate privacy settings for your use of social media.

16. Website Links

This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to a website’s privacy notice when using it.

17. Cookies

We use cookies on our website. More information to cookies can be found in our cookie notice, and you can also change your consent via our website too.

18. Automated Decision-Making

We do not carry out any automated decision-making within our organisation. If this was to change, we will be sure to update this notice and provide details to when this would apply.

19. Data Retention

As a data controller we will retain personal data to provide our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

We will retain personal data for as long as necessary in line with various requirements, such as for example, best practice recommendations (e.g. ICO recommendations), relevant guidelines (e.g. ACAS guidance) or for as long as mandated under specific legislation (e.g. HMRC requirements). We will also determine appropriate retention periods based on our legitimate interests where identified.

At the end of the retention period personal data will be securely deleted or anonymised.

20. What Happens If Our Business Changes Hands?

We may from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.

21. Data Security

As mentioned above we take security of personal data seriously, and we have certifications to various data security frameworks such as Cyber Essentials, Cyber Essentials Plus and ISO 27001, and we review our certifications annually.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.

22. Data Protection Rights

If you are based in the UK/EEA you have several Rights to how an organisation processes your personal data. The Rights are as follows:

• Right to be informed

• Right to access data

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to objection

• Right to portability

• Right not to subject to automated decision making and profiling
  
  

If you would like to exercise any of the above Rights you can do so by sending us a written request using our details mentioned above.

Please note we may ask for ID (e.g. passport scan, drivers license etc) to verify identity where needed. Upon successful verification we will delete and remove all copies of ID received. 

Should we also require extension of time to help fulfil any Right requests, we will be sure to contact requestors as soon as possible with reason(s) why an extension is needed and when Right requests can be fully carried out and completed.

23. Concerns and Complaints

We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.

You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via this link. 

If you are based anywhere within the EEA a list of supervisory authorities can be found via this link. 

24. Review and Updates

We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.