Privacy Policy according to Art. 13 and Art. 14 of the EU General Data Protection Regulation (GDPR)
We provide the English version of our privacy policy as an information service. In case of doubt, the German language version shall always prevail.
1 Responsible body and data protection officer
This privacy policy applies to the following companies
Compleo Charging Solutions GbmH & Co. KG
based at:
Ezzestraße 8
44379 Dortmund
Germany
T: +49 2306 923 70
info@compleo-cs.com
VAT ID: DE362178129
Management board: Dipl.-Oec. Andreas Kostal, Dr. Gregor M. Schmeken, Jörg Lohr, Peter Hamela
Responsible in the sense of. §18 para. 2 MStV: Jörg Lohr
as well as:
Compleo Charging Solutions GmbH
Speisinger Straße 25/12
AT-1130 Vienna
Austria
T: +49 231 53492370
F: +49 2306 923 790
info@compleo-cs.com
VAT-ID: ATU77166326
Management Board: Peter Hamela, Jörg Lohr
Compleo Charging Solutions AG Schweiz
Hardturmstrasse 161
8005 Zürich
Switzerland
T: +49 231 53492370
F: +49 2306 923 790
info@compleo-cs.com
Company identification number UID: CHE-374.216.149
2 Data Protection Officer
You can reach our external data protection officer at
Karsten Schulz
datenschutz@compleo-cs.de
M: +49 151 22631968
3 Website and hosting
3.1 Purposes of processing
We log technical data in the web server logs for each access of our website in order to ensure operational security and to be able to investigate and rectify faults. The access logs of the web servers record which page views have taken place and when. They contain the following data: IP address, date, time, accessed pages, logs, status code, amount of data, referrer, user agent, accessed host name. The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are anonymised in the same way.
3.2 Lawfulness of processing
Art. 6 para. 1f GDPR, our legitimate interest in being able to operate the website securely and to ensure a defined external presentation.
3.3 Recipients or categories of recipients
Our web services are administered within the framework of order processing in accordance with Art. 28 GDPR.
3.4 Storage periods
The anonymised IP addresses are stored for 60 days. Error logs, which record faulty page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.
4 Contact and communication with you
4.1 Purposes of processing
If you contact us by email, contact form, telephone or post, we will process your data to fulfil your request and any subsequent activities that may result. These activities may include: Processing enquiries, applications, service requests as well as maintaining contact, providing advice and advertising our products and services, analysing our processes and taking measures to improve process quality.
In doing so, we process the information you provide to us, such as names, contact details, e-mail addresses and telephone numbers and, of course, the content of your enquiry.
4.2 Lawfulness of processing
The legal basis may be Art. 6 (1f) GDPR, our legitimate interest in communicating with you and processing your enquiry, or Art. 6 (1b) GDPR, to carry out necessary pre-contractual or contractual measures. Where you have given us consent, Art. 6 (1a) GDPR is the applicable legal basis.
4.3 Recipients or categories of recipients
We transmit your enquiries to our corresponding departments and within the group of companies, in the sense of §§ 15 ff. German Stock Corporation Act (AktG) with Compleo Charging Solutions AG, to the Compleo company suitable for your enquiry in each case. Furthermore, we use services of service providers within the scope of order processing according to Art. 28 GDPR, for example to secure e-mail traffic and to comply with quality features as well as to process your service requests. Some of the processing may take place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses are agreed with the respective service providers and special technical and organisational protection measures are provided.
4.4 Storage periods
As a general rule, a deletion process is started when the processing operation is completed. In certain cases, further processing, such as required retention periods, follow the actual processing. For example, e-mails with tax-relevant content are stored in accordance with the statutory retention periods (e.g. 6 years for commercial letters in accordance with the German Commercial Code (HGB), 10 years for tax documents in accordance with the German Fiscal Code (AO)) and then deleted.
5 Cookies
5.1 Purposes of processing
We use the Cookiebot service to use cookies in a legally compliant way. The service gives you the opportunity to object to the setting of certain cookies and to consent to the setting of other cookies. Your preferences are stored in your browser in the form of required cookies.
We use cookies to personalise content and ads, provide social media features and analyse traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the Services.
5.2 Lawfulness of processing
The legal bases for setting cookies are Art. 6 (1f) GDPR for necessary cookies and Art. 6 (1a) GDPR for marketing and analytics functions.
5.3 Recipients or categories of recipients as well as storage periods and administration
If no link to change your consent appears here, please turn off your content blocker.
6 Your application to us
6.1 Purposes of processing
When you send us an application, we process your data to the extent necessary until the application process is completed.
6.2 Lawfulness of processing
Art. 6 (1b) GDPR, to process your application, which constitutes a request for the conclusion of an employment contract, as part of our application process.
6.3 Recipients or categories of recipients
We use services of service providers in the context of order processing according to Art. 28 GDPR to carry out personnel administration.
6.4 Storage periods
In the event of recruitment, required data from your application will be stored in the personnel file. Data that is not required will be deleted. In the event of a rejection, your data will be deleted 2 months after completion of the application process.
7 Social media
7.1 Purposes of processing
We also communicate with you via various social media channels. When using these platforms, the respective data protection declarations always apply as well.
In particular, these are (as of 2023-06-02):
Youtube (privacy policy: policies.google.com/privacy)
LinkedIn (privacy policy: www.linkedin.com/legal/privacy-policy)
Instagram (privacy policy: help.instagram.com/519522125107875)
Twitter (privacy policy: twitter.com/de/privacy)
Facebook (privacy policy: www.facebook.com/policy.php)
Kununu (privacy policy: privacy.xing.com/de/datenschutzerklaerung)
Xing (privacy policy: privacy.xing.com/de/datenschutzerklaerung)
7.2 Lawfulness of processing
Art. 6 para. 1f GDPR, our legitimate interest in carrying out company communications and ensuring a defined external presentation. In some cases, we ask for your consent to carry out processing with third parties. If you give us consent, the processing is legitimised on the basis of Art. 6 (1a) GDPR. You can revoke your consent at any time in our privacy policy.
7.3 Recipients or categories of recipients
The social media platforms listed above, some of which also process personal data in third countries such as the USA. All of these services pass on personal data, for example to commissioned third-party providers for the provision of outsourced services, to authorities if you are legally obliged to do so or if there is suspicion of a violation of the law, and to new business owners in the event of a company acquisition or insolvency.
7.4 Storage periods
In accordance with the privacy statements of the social media platforms.
8 Analytics services
8.1 Purposes of the processing
8.1.1 Google Analytics and Google Tag Manager
This web service uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses so-called cookies, text files that are stored on users' computers and enable an analysis of their use of the website. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymisation is activated on this website, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout;
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.
8.1.2 LinkedIn Insight Tag
We process data to evaluate LinkedIn campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn. To do this, we embed the LinkedIn Insight Tag on our website. You can give and also revoke your consent using our cookie bot.
8.1.3 Salesforce Pardot
For user guidance, we use Salesforce Pardot to track the activities of visitors and potential customers, for example by remembering the settings of form fields when a visitor returns to our website. We also set a cookie for logged-in users to maintain the session and store table filters. The processing takes place in EU data centres as part of our contract processing we have with Salesforce. For more information on data processing, please see Salesforce's Cookie Notice: help.salesforce.com/s/articleView
8.2 Lawfulness of processing
If you give us your consent to processing through the consent tool, the legal basis is Article 6 (1a) GDPR. In other cases, the legal basis Art. 1f GDPR, namely our legitimate interest in carrying out an anonymous range measurement and optimizing user guidance in order to make visiting the website as pleasant as possible, may apply. You have the option to object to this processing using the cookie consent solution Cookiebot. For processing that cannot be legitimised on the basis of our legitimate interest, we request your consent via the Cookiebot, which you can revoke at any time in the "Cookies" section of this privacy policy.
8.3 Recipients or categories of recipients
As described under "Purposes of the processing", the recipients are Google Inc. in the context of an order processing and LinkedIn. You can find the data protection declaration for Google Analytics here: support.google.com/analytics/answer/6004245, and the data protection declaration for LinkedIn here: https://www.linkedin.com/legal/privacy-policy.
8.4 Storage periods
The personal data of this processing are regularly deleted after the cessation of necessity, or deleted in accordance with the data protection declarations of the listed recipients.
9 Newsletter
9.1 Purposes of the processing
We use a newsletter service for communication and external presentation.
9.2 Lawfulness of processing
Art. 6 para. 1a GDPR, your consent to the newsletter with double opt-in.
9.3 Recipients or categories of recipients
We use the services of Mailchimp from The Rocket Science Group, LLC as part of an order processing according to Art. 28 GDPR to send the newsletter. Some of the processing takes place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses have been agreed with the service provider. The privacy policy of Mailchimp can be found at https://mailchimp.com/legal/privacy/.
9.4 Storage periods
After unsubscribing from the newsletter, your relevant personal data will be deleted.
10 Presentation of our current share price
10.1 Purposes of processing
In order to give you an up-to-date overview of what is happening on the stock exchange, we show you our current share price at Deutsche Börse on our Share Price page.
10.2 Lawfulness of processing
Art. 6 para. 1f GDPR, our legitimate interest for external communication and self-presentation.
10.3 Recipients or categories of recipients
The share price is provided directly by Deutsche Börse. Therefore, when you call up the page, your IP address is transmitted to the Deutsche Börse server located in Germany.
10.4 Storage periods
The data logged on the server when the page is called up is deleted after 30 days. See also the data protection declaration of Deutsche Börse: https://www.boerse-frankfurt.de/datenschutz.
11 Postal direct advertising for the acquisition of new customers
11.1 Purposes of processing
The personal data is processed for the purpose of acquiring new customers, promotional approach.
11.2 Lawfulness of processing
Art. 6 para. 1f GDPR, our legitimate interest to carry out direct advertising. The source of the personal data is Deutsche Post Direkt GmbH, Junkersring 57 in 53844 Troisdorf, Germany. Further information on data processing can be found at: Data Protection | Deutsche Post Direkt.
11.3 Storage periods
The personal data will be deleted immediately after the purpose has been fulfilled or after the postal mailing has been sent.
12 IT user management
12.1 Purposes of processing
For guest users, freelancers and service providers, user accounts with role and authorisation management for access to operational resources can be created if required.
12.2 Lawfulness of processing
As necessary processing under Art. 6 (1b) GDPR if you need to access operational resources as part of the performance of your contract with us. Or on the basis of your consent under Art. 6 (1a) GDPR if you voluntarily wish to use our network resources, for example as a guest.
12.3 Recipients or categories of recipients
The recipient of the data is Microsoft within the framework of commissioned processing in accordance with Art. 28 GDPR. The processing takes place in data centres within the EU.
12.4 Storage periods
Guest user accounts are automatically blocked for 3 months and deleted after a further 6 months. Accounts of freelancers and service providers are blocked as part of the offboarding process after termination and deleted after 12 months.
13 Credit assessment
13.1 Purposes of the processing
Checking the creditworthiness of customers
13.2 Lawfulness of processing
Art. 6 para. 1f, the legitimate interest to protect against payment defaults.
13.3 Recipients or categories of recipients
Service providers for creditworthiness information, for example Creditsafe Berlin, Deutsche Factoring Bank Bremen.
13.4 Storage periods
The information is stored for the duration of the business relationship.
14 Operation of the eOperate portal
14.1 User Guiding
14.1.1 Description and scope of data processing
We use the services of Userflow Inc, 548 Market St PMB 69598, San Francisco, CA 94104-5401, to provide onboarding content (tool tips and click guides), to provide a help centre including a chatbot and to answer feedback questions.
We use the Zapier, Inc. service, a tool to automate workflows such as user self-registration, fulfilment processes and sales initiative support.
We use Tally.so, an online form creation tool that allows us to collect data from users. It allows us to easily create customised forms for various purposes, such as registration, surveys, feedback and more.
We use HubSpot as a presales tool to manage potential prospects and facilitate lead tracking to improve customer retention and sales strategies.
14.1.2 Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. f GDPR, our legitimate interest in offering improved usability of our portal.
14.1.3 Purpose of the data processing
Providing services that support the user of our portal during use. Providing help texts, chatbots and similar functions.
14.1.4 Recipient of the data / third country transfer
The recipient of the data is Userflow Inc, 548 Market St PMB 69598 in San Francisco, CA 94104-5401, USA. We have concluded the EU standard data protection clauses with the service provider and checked the suitability of the service provider on the basis of the technical and organisational measures implemented.
Zapier Inc. 548 Market St, San Francisco, CA 94104, Zapier has certified to the U.S. Department of Commerce that it complies with (1) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with respect to the processing of personal data it receives from the European Union in reliance on the EU-U.S. DPF.
Tally.so, August van Lokerenstraat 71, 9050 Ghent, Belgium, is the company that processes the form data as a processor pursuant to Art. 28 GDPR.
HubSpot, Inc. 25 1ST St Ste 200, Cambridge, MA 02141, has confirmed to the U.S. Department of Commerce that it (1) complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with respect to the processing of personal data it receives from the European Union in reliance on the EU-U.S. DPF.
14.1.5 Duration of storage
The anonymised IP addresses are stored for 60 days. Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these include the accessing IP address and, depending on the error, the website accessed.
14.2 Audit logs
14.2.1 Description and scope of data processing
We process personal data to secure our services and for traceability purposes. For this purpose, the user ID or gateway user ID with the activities and the associated data such as the business partner ID are stored when accessing the eOperate portal or the API.
14.2.2 Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, our legitimate interest in ensuring the operational security of the API and the traceability of user activities.
14.2.3 Purpose of the data processing
We store the user ID with the associated context data that we need to ensure the operational security of our system and to make the activities of a user ID traceable.
14.2.4 Recipients of the data / transfer to third countries
The data is only processed internally.
14.2.5 Duration of storage
The data is stored on a personalised basis for as long as the corresponding user ID exists. As soon as the user ID has been deleted, it is no longer possible to identify the data subject on the basis of the stored audit log.
15 Your rights as a data subject
According to the GDPR, you have the right to:
Pursuant to Art. 7 (3) GDPR, to revoke your consent once given to us at any time with effect for the future.
In accordance with Art. 15 DSGVO, to request information about your personal data processed by us.
In accordance with Article 16 of the GDPR, to request the correction of inaccurate or incomplete personal data stored by us.
In accordance with Article 17 of the GDPR, to request the deletion of your personal data stored by us.
In accordance with Article 18 of the Regulation, you may request the restriction of the processing of your personal data.
In accordance with Article 20 of the GDPR, to receive your personal data that you have provided to us in a usable format.
In accordance with Article 21 of the GDPR, you have the right to object to our legitimate interests. To do so, please use the contact details in the imprint.
Complain to a supervisory authority in accordance with Art. 77 DSGVO. Complain to the data protection supervisory authority. Your competent supervisory authority is the one in your place of residence. You can find a list of supervisory authorities here: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=BED09EA7C3AC1DD515E2770630750FCA.intranet241.
16 Note on the use of the domain
emobility.software by Compleo Charging Software
Compleo Charging Software uses the domain https://emobility.software for its corporate website, the provision of its products and services and the collection of usage data to improve the user experience and service. Visiting the domain includes access to the Compleo web platform and the ability to request technical support.