Privacy Policy for „CB Energy Framework“

The confidentiality and security of processing personal data, as well as compliance with applicable data protection regulations, are of utmost importance to us. We have reviewed our processes to ensure that they are in accordance with the General Data Protection Regulation (GDPR). With this privacy policy, we inform users of the CB Energy Framework (hereinafter referred to as the "FRAMEWORK") about how their personal data is processed during the use of the FRAMEWORK.

1. Name and Contact Information of the Person responsible

chargebyte GmbH
Bitterfelder Straße 1-5
04129 Leipzig
Deutschland

You can contact our Data Protection Officer via the email address: datenschutz@chargebyte.com.

2. Definition of Terms

The CB Energy Framework (hereinafter referred to as "FRAMEWORK") consists of a server application (CORE) and a client application (APP), where CORE is part of the firmware of the charging station, and the APP serves as an application for visualization and control (Human Machine Interface). The core functionality is implemented in CORE.

3. Which functions does the APP require access to and for what purposes

The APP requires access to your end device's storage to store data received from the charging stations.

Additionally, the APP needs access to the local network and Bluetooth in order to connect to the charging stations (CORE). Depending on the operating system of your end device, the APP may also require permission to access location data on your device to enable the use of Bluetooth and local network functions.

We regularly conduct product updates for the FRAMEWORK. In order to perform these updates, we collect technical information from your end device, specifically IP addresses, MAC addresses, CPU numbers, and system UUIDs, which are necessary for unique identification within the update management system. This data is transmitted from both your end device and the charging station to one of our servers, where the stored version on your device is checked to determine if an update is required. This process ensures that you always have access to a secure and up-to-date APP. The legal basis for this is the fulfillment of our contractual obligations pursuant to Art. 6(1)(b) GDPR:

You can also contact us through the APP to initiate a support case. For this purpose, your first name, last name, email address, CPU ID, and a description of the issue will be transmitted to us. If required for support, you will be explicitly asked whether you consent to remote maintenance with access to your charging station. The personal data collected during the handling of your support request will be stored on our servers along with your hardware identification data to better assist with any potential future issues and to document the support activity. Additionally, a description of the support representative’s actions will be saved in the system. This data will be deleted within three months after the successful resolution of the issue. If you consent, the support representatives may gain access to additional personal data associated with the FRAMEWORK.

Part of the support services may involve network scans of the local network to identify other devices or to diagnose issues when communication between the charging station (CORE) and third-party devices (such as charging stations, inverters, and energy meters) is faulty. The data collected during this process will remain on your charging station and will not be stored on our servers. The purpose of this data processing is the proper provision of maintenance services and their documentation. The legal basis for data storage within the scope of maintenance services is your consent provided with the support request, as well as, where applicable, any additional consent for remote access, in accordance with Art. 6(1)(a) GDPR. You may revoke this consent at any time with future effect. Data storage following support services for the purpose of documenting the support activities is based on our legitimate interests under Art. 6(1)(f) GDPR. Our legitimate interests lie in being able to assist you efficiently in the event of recurring issues and in documenting our support activities for potential future legal disputes.

For documentation purposes only, the service technician will describe the problem and log it in a ticketing system for further internal processing. This data will be automatically deleted within three months after the successful resolution of the issue. The purpose of this storage is the proper provision of maintenance services as well as the documentation of the service provided and fault analysis. The legal basis for this is Art. 6(1)(b) and (f) GDPR.

We do not collect tracking data or other information regarding your specific use of the APP.

4. SDKs Used

Various Software Development Kits (SDKs) were used during the development of the APP to integrate different services and functionalities. Some of these SDKs process personal data and may establish a connection to the provider of the SDK when the APP is opened. We do not use the SDKs to track user behavior. The following SDKs were utilized:

5. Recipients or Categories of Recipients of Personal Data

The FRAMEWORK is an edge-based product, meaning that all operational functions are fully contained within your charging station, and no data is transmitted to cloud servers.

When using the APP, data is also exchanged with the respective charging stations (CORE) and your vehicle. This data is also processed locally within the respective charging station. For information on how your vehicle provider processes data, please refer to the respective data protection notices of the vehicle provider.

The FRAMEWORK allows you to integrate various third-party end-user applications. Data is only transmitted to these third parties if you choose to integrate the corresponding application. Please consult the data protection notices of the respective end-user application providers to understand what personal data they collect and how it is processed. Chargebyte is not responsible for the processing of personal data by these third-party end-user applications.

In addition, we may share personal data with the following third parties:

6. No Transfer of Data to Third Countries

We do not transfer personal data to entities in countries outside the EU or the European Economic Area.

7. Data Retention Period

We retain personal data only for as long as necessary for the specified purposes of storage.

For support requests, the personal data collected is stored for up to three months after the successful resolution of the issue, to document the support provided and to access the data in case of follow-up problems.

Personal data related to service provision will be retained for the duration of the standard statute of limitations for potential claims, which is three years from the end of the year in which the contract was concluded.

In addition, we are subject to certain legal retention obligations, for example, those arising from tax law.

8. Your Rights

As a data subject under the GDPR, you have a number of rights, including the following:

If the processing of your data is based on your consent, you may withdraw this consent at any time with future effect.

You can exercise your rights by sending a message via post to the address provided above or by sending an email to the following address: datenschutz@chargebyte.com

If you have any complaints about the processing of your personal data by us, you can also contact a competent data protection supervisory authority. The supervisory authority responsible for us is the Saxon Data Protection and Transparency Officer, which you can reach via the following link: https://www.datenschutz.sachsen.de/beschwerde-einreichen.html

9. Version and Amendments

This privacy policy is effective as of 11.11.2024 and may be amended by us at any time with future effect.