Privacy Policy for „CB Energy Framework“

The confidentiality and security of processing personal data, as well as compliance with applicable data protection regulations, are of utmost importance to us. We have reviewed our processes to ensure that they are in accordance with the General Data Protection Regulation (GDPR). With this privacy policy, we inform users of the CB Energy Framework (hereinafter referred to as the "FRAMEWORK") about how their personal data is processed during the use of the FRAMEWORK.

1. Name and Contact Information of the Person responsible

You can contact our Data Protection Officer via the email address: datenschutz@chargebyte.com.

2. Definition of Terms

The CB Energy Framework (hereinafter referred to as "FRAMEWORK") consists of a server application (CORE) and a client application (APP), where CORE is part of the firmware of the charging station, and the APP serves as an application for visualization and control (Human Machine Interface). The core functionality is implemented in CORE.

• End Device: The smartphone/tablet on which the CB Energy APP is used.
• Charging Station: The charging device running the CB Energy CORE firmware.

3. Which functions does the APP require access to and for what purposes

The APP requires access to your end device's storage to store data received from the charging stations.

Additionally, the APP needs access to the local network and Bluetooth in order to connect to the charging stations (CORE). Depending on the operating system of your end device, the APP may also require permission to access location data on your device to enable the use of Bluetooth and local network functions.

We regularly conduct product updates for the FRAMEWORK. In order to perform these updates, we collect technical information from your end device, specifically IP addresses, MAC addresses, CPU numbers, and system UUIDs, which are necessary for unique identification within the update management system. This data is transmitted from both your end device and the charging station to one of our servers, where the stored version on your device is checked to determine if an update is required. This process ensures that you always have access to a secure and up-to-date APP. The legal basis for this is the fulfillment of our contractual obligations pursuant to Art. 6(1)(b) GDPR:

You can also contact us through the APP to initiate a support case. For this purpose, your first name, last name, email address, CPU ID, and a description of the issue will be transmitted to us. If required for support, you will be explicitly asked whether you consent to remote maintenance with access to your charging station. The personal data collected during the handling of your support request will be stored on our servers along with your hardware identification data to better assist with any potential future issues and to document the support activity. Additionally, a description of the support representative’s actions will be saved in the system. This data will be deleted within three months after the successful resolution of the issue. If you consent, the support representatives may gain access to additional personal data associated with the FRAMEWORK.

Part of the support services may involve network scans of the local network to identify other devices or to diagnose issues when communication between the charging station (CORE) and third-party devices (such as charging stations, inverters, and energy meters) is faulty. The data collected during this process will remain on your charging station and will not be stored on our servers. The purpose of this data processing is the proper provision of maintenance services and their documentation. The legal basis for data storage within the scope of maintenance services is your consent provided with the support request, as well as, where applicable, any additional consent for remote access, in accordance with Art. 6(1)(a) GDPR. You may revoke this consent at any time with future effect. Data storage following support services for the purpose of documenting the support activities is based on our legitimate interests under Art. 6(1)(f) GDPR. Our legitimate interests lie in being able to assist you efficiently in the event of recurring issues and in documenting our support activities for potential future legal disputes.

For documentation purposes only, the service technician will describe the problem and log it in a ticketing system for further internal processing. This data will be automatically deleted within three months after the successful resolution of the issue. The purpose of this storage is the proper provision of maintenance services as well as the documentation of the service provided and fault analysis. The legal basis for this is Art. 6(1)(b) and (f) GDPR.

We do not collect tracking data or other information regarding your specific use of the APP.

4. SDKs Used

Various Software Development Kits (SDKs) were used during the development of the APP to integrate different services and functionalities. Some of these SDKs process personal data and may establish a connection to the provider of the SDK when the APP is opened. We do not use the SDKs to track user behavior. The following SDKs were utilized:

• Qt – an SDK used to create graphical user interfaces and as a cross-platform interface.
• Firebase (without analytics) – an SDK that provides access to various Firebase tools for app development.
• Android SDK – an SDK that offers various development tools for integrating the app on Android systems.
• Apple XCode / iOS SDK – an SDK that provides various development tools for integrating the app on Apple/iOS systems.

5. Recipients or Categories of Recipients of Personal Data

The FRAMEWORK is an edge-based product, meaning that all operational functions are fully contained within your charging station, and no data is transmitted to cloud servers.

When using the APP, data is also exchanged with the respective charging stations (CORE) and your vehicle. This data is also processed locally within the respective charging station. For information on how your vehicle provider processes data, please refer to the respective data protection notices of the vehicle provider.

The FRAMEWORK allows you to integrate various third-party end-user applications. Data is only transmitted to these third parties if you choose to integrate the corresponding application. Please consult the data protection notices of the respective end-user application providers to understand what personal data they collect and how it is processed. Chargebyte is not responsible for the processing of personal data by these third-party end-user applications.

In addition, we may share personal data with the following third parties:

• IT service providers, who may act as data processors supporting us in the provision of maintenance and/or support services;
• Address and contract data may be shared with tax advisors, legal counsel, or other consultants who assist us in fulfilling our tax obligations and provide support in legal matters. The transfer of personal data to such advisors occurs only when they are bound by professional confidentiality obligations and is justified under Art. 6(1)(f) GDPR to protect our legitimate interest in obtaining legal advice.

6. No Transfer of Data to Third Countries

We do not transfer personal data to entities in countries outside the EU or the European Economic Area.

7. Data Retention Period

We retain personal data only for as long as necessary for the specified purposes of storage.

For support requests, the personal data collected is stored for up to three months after the successful resolution of the issue, to document the support provided and to access the data in case of follow-up problems.

Personal data related to service provision will be retained for the duration of the standard statute of limitations for potential claims, which is three years from the end of the year in which the contract was concluded.

In addition, we are subject to certain legal retention obligations, for example, those arising from tax law.

8. Your Rights

As a data subject under the GDPR, you have a number of rights, including the following:

• The right to access information regarding the personal data stored about you (Art. 15 GDPR);
• The right to rectify inaccurate data (Art. 16 GDPR);
• The right to have your data erased under the conditions of Art. 17 GDPR;
• The right to restrict data processing (Art. 18 GDPR);
• The right to data portability as outlined in Art. 20 GDPR; and
• The right to object to processing, insofar as it is based on our legitimate interests (Art. 21 GDPR).

If the processing of your data is based on your consent, you may withdraw this consent at any time with future effect.

You can exercise your rights by sending a message via post to the address provided above or by sending an email to the following address: datenschutz@chargebyte.com

If you have any complaints about the processing of your personal data by us, you can also contact a competent data protection supervisory authority. The supervisory authority responsible for us is the Saxon Data Protection and Transparency Officer, which you can reach via the following link: https://www.datenschutz.sachsen.de/beschwerde-einreichen.html

9. Version and Amendments

This privacy policy is effective as of 11.11.2024 and may be amended by us at any time with future effect.