Privacy Policy - StromNow App

§ 1 Privacy Policy

We take the protection of your personal data very seriously and treat it confidentially and in accordance with the legal data protection regulations and this privacy policy. This privacy policy applies to our mobile iPhone and iPad apps (hereinafter referred to as "APP"). It explains the type, purpose, and scope of data collection within the use of the APP. We would like to point out that data transmission over the Internet can have security gaps. Complete protection of the data against access by third parties is not possible.

(1) Responsible Party
The responsible party for data processing within this APP is:
StromNow UG (limited liability)
Karl-Liebknecht-Straße 47, 12529 Schönefeld, DE
Email: support@stromnow.com
Website: www.stromnow.com
Phone: +491742022256
The "Responsible Party" is the entity that collects, processes, or uses personal data (e.g., names, email addresses, etc.).

(2) General Storage Duration of Personal Data
Unless otherwise or more specifically stated within this privacy policy, the personal data collected by this APP will be stored until you ask us to delete it, withdraw your consent to storage, or the purpose for data storage no longer applies. If there is a statutory obligation to retain the data or another legally recognized reason for storing the data (e.g., legitimate interest), the relevant personal data will not be deleted until the respective reason for retention ceases to apply.

(3) Legal Basis for the Storage of Personal Data
The processing of personal data is only lawful if there is an effective legal basis for the processing of these data. If we process your data, this is regularly done on the basis of your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, for the purpose of contract fulfillment according to Art. 6 Para. 1 lit. b GDPR (e.g., when using in-app purchases or other chargeable APP features) or based on legitimate interests according to Art. 6 Para. 1 lit. f GDPR, which are always weighed against your interests (e.g., in the context of advertising measures). The respective legal bases will, if applicable, be specified separately within this privacy policy.

(4) Changes to this Privacy Policy
We reserve the right to change these privacy provisions at any time in accordance with legal requirements.

§ 2 Your Rights

The GDPR grants certain rights to individuals whose personal data is processed by us, and we would like to inform you about these rights:

(1) Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. We will obtain this consent from you before starting data processing. You can revoke this consent at any time. An informal email to us is sufficient for this purpose. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND DIRECT ADVERTISING (ART. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

(2) Right to Lodge a Complaint with a Supervisory Authority
In the event of breaches of the GDPR, those affected have a right to lodge a complaint with a supervisory authority. This right exists regardless of other administrative or judicial remedies.

(3) Right to Access, Erasure, and Correction
You have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as a right to correction or deletion of these data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

(4) Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time at the address given in the imprint. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have filed an objection according to Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

(5) Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

§ 3 App Access Rights

To provide our services through the APP, we require the following access rights that enable us to access certain functions of your device:

Bluetooth
Location data
Device numbers of your smartphone
Push Notifications

Access to the device functions is necessary to ensure the functionalities of the APP. The legal basis for this data processing is our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR, your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, and – if a contract has been concluded – the fulfillment of our contractual obligations (Art. 6 Para. 1 lit. b GDPR).

The storage duration for the data collected in this way is as follows: By using our app, you agree to this type of data collection and storage. We commit to treating your data confidentially and using it in compliance with applicable data protection laws. The storage duration for the data obtained in this way is regulated such that it is stored permanently and deleted upon request or account deletion, etc.

§ 4 Collection of Personal Data in the Context of APP Usage

(1) General
When you use our APP, we collect the following personal data from you:

First and last name
Email address
Residence
Country of stay
Usage data
IP address
Device identification
Metadata

In addition, we process the following data within the scope of our services:

Contact information (e.g., phone number, physical address)
Data from the electric car (e.g., model and customization codes, GPS coordinates, energy consumption, control of a charging process)
Transaction data (e.g., purchased products or services)
Technical data (e.g., browser and operating system information, IP address)
User data (e.g., page views, link clicks, duration of use)
Communication data (e.g., contents of contacts with our customer service)

(2) Device Information
We collect information from and about the devices you use to access our services. These include:

Hardware and software information such as device ID and type, device- and app-specific settings, app crashes, app version, app name, user type (Pro/Free), browser type, version and language, operating system, time zones.

(3) Requests within the APP, by Email, Phone, or Fax
Insofar as you contact us (e.g., via the contact form within the app, by email, phone, or fax), your request including all resulting personal data (e.g., name, request) will be stored and processed by us in order to handle your request. The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, insofar as your request relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 Para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 Para. 1 lit. f GDPR), since we have a legitimate interest in the effective processing of the inquiries addressed to us. The data you send us via contact request remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for the data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. We do not share your information without your consent.

(4) Newsletter Data
If you wish to subscribe to the newsletter offered in our APP, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected. We use these data exclusively for sending the requested information and do not pass them on to third parties. The dispatch of the newsletter is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe.

§ 5 Data Processing / Data Analysis

When you access our APP, your behavior can be statistically evaluated using certain analysis tools and analyzed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with legal data protection regulations. When using external service providers (processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.

(1) Downloading the App
Our app is available for download in Apple's App Store (hereinafter "Store"). When users download the app, the required information is transmitted to the Store, including username, email address, account customer number, time of download, payment information, and the individual device identification number. We have no control over this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app. Users can also download this mobile app directly onto their mobile device via our website. When downloading via the website, further user data is processed, about which we inform in the privacy policy of our website.

(2) Informational Use of the App
When using our app, we collect technically necessary data to offer the functions of our app and to ensure stability and security. This includes IP address, date and time of the request, time zone difference to GMT, content of the request, access status/HTTP status code, amount of data transferred, operating system and its interface, as well as language and version of the software. The legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR.

(3) Data Processing for Providing Functions
In the app, we process data to provide users with functions based on the usage contract concluded with the user. This only concerns the data that users enter into the app themselves.

(4) Customer Account
Users can open a customer account in the app. The data collected in this process are processed to fulfill the usage contract, based on Art. 6 Para. 1 S. 1 lit. b GDPR. The data are deleted as soon as users delete their account.

(5) Third-Party Providers

1. Google Analytics Firebase
We use Google Analytics Firebase (hereinafter Google Firebase) to analyze user behavior. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Firebase includes various functions that allow us to analyze your in-app behavior. For example, we can analyze your screen views, button activations, in-app purchases, or the effectiveness of advertising measures. We can also determine which features within our APP are frequently or rarely used. Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, regions, and a range of other data for these purposes. A detailed overview of the data collected by Google Firebase can be found at: https://support.google.com/firebase/answer/6318039?hl=en

The use of Google Firebase may require the transfer of your personal data to the USA. Currently (12/2023), all such data are stored in Germany. The storage duration for the data collected in this way is as follows: By using our app, you agree to this type of data collection and storage. We commit to treating your data confidentially and using it in compliance with applicable data protection laws. The storage duration for the data obtained in this way is regulated so that they are stored permanently and deleted upon request or account deletion, etc.

The use of Google Firebase is for optimizing this APP and improving our offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If consent has been requested, the use of Google Firebase is based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time. Further information about Google Firebase can be found at: https://firebase.google.com/ and https://www.firebase.com/terms/privacy-policy.html

2. Intercom
We use Intercom to improve customer dialog. The provider is Intercom R&D Unlimited Company, 2nd Floor Stephen Court, 18-21 St. Stephen's Green, Dublin, 2, Ireland. The provider processes content data (e.g., entries in online forms), contact data (e.g., email addresses, phone numbers), meta/communication data (e.g., device information, IP addresses), and master data (e.g., names, addresses) in the USA.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. f GDPR. We have a legitimate interest in addressing our customers as easily as possible and thus improving the exchange with them.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (a country outside the EEA) is ensured by standard data protection clauses issued in accordance with the examination procedure under Art. 93 Para. 2 GDPR (Art. 46 Para. 2 lit. c GDPR), which we have agreed upon with the provider.

We delete the data when the purpose of their collection has ceased. Further information can be found in the provider's privacy policy at https://www.intercom.com/legal/privacy.

3. Firebase Cloud Messaging
We use Firebase Cloud Messaging for communication with users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. a GDPR. The processing is based on consents. Affected parties can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.

The data are deleted when the purpose of their collection has ceased, and there are no retention obligations. Further information can be found in the provider's privacy policy at https://firebase.google.com/support/privacy.

4. Enode
We use Enode to enable users to integrate electric vehicles (EVs), EV chargers (e.g., wallboxes), solar systems, smart thermostats, and heat pumps into our mobile app. The provider is Enode AS, Inkognitogata 24C, 0256, Oslo, Norway. The provider processes location, charging statistics, and general characteristics (VIN, vehicle type, battery size) of the electric vehicle and the EV chargers.

The data are deleted when the purpose of their collection has ceased and there are no retention obligations. Further information can be found in the provider's privacy policy at https://enode.com/privacy-policy.

5. RevenueCat
To manage subscriptions and in-app purchases, we use the service RevenueCat. The provider is RevenueCat, Inc., based in the USA. RevenueCat processes information such as purchase history, subscription status, and usage-related data to assist us in managing and analyzing in-app purchases. The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR (contract fulfillment) and our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. Users can revoke their consent to data processing at any time. Data are deleted as soon as they are no longer necessary for their collection purposes. Further information on data protection at RevenueCat can be found at: https://www.revenuecat.com/privacy/

(6) Processing When Using Digital Channels
When you use one of StromNow's digital channels, such as the website, the app, or our pages on social media, we collect personal data that you provide to us. The processing of your personal data is carried out for various purposes.

§ 6 Data Processing on Social Media Platforms

Our Social Media Presence

Data Processing by Social Networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks like Facebook, X, etc., can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). Visiting our social media presence triggers numerous data processing operations relevant to privacy. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can attribute this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. This data collection can occur, for example, through cookies stored on your device or by recording your IP address.

Using the data collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. As a result, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices where you are or were logged in.

Please note that we cannot track all processing operations on the social media portals. Depending on the provider, additional processing operations may be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policies of the respective social media portals.

Legal Basis

Our presence on social media is intended to ensure a comprehensive presence on the internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal grounds to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Controller and Assertion of Rights

When you visit one of our social media pages (e.g., Facebook), we, along with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage Duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete them, revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We do not have any control over the storage duration of your data which are stored by the operators of social networks for their own purposes. For details, please directly contact the operators of the social networks (e.g., in their privacy policy, see below).

Your Rights

You have the right at any time to obtain information about the origin, recipients, and purpose of your stored personal data. You also have the right to object, data portability, and a right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion, and in certain circumstances, the restriction of the processing of your personal data.

Specific Social Networks

Instagram

We have a profile on Instagram. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.

Details on their handling of your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to adhere to these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details on their handling of your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on their handling of your personal data can be found in TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=en.

Data transfer to non-secure third countries is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=en.

Status: 02.01.2024

Please note: This English version is a translation of the original Terms of service. While every effort has been made to provide an accurate translation, in the event of any discrepancies, the original German version www.stromnow.com/de/mobile/terms-of-service-app shall prevail. This translation is provided for convenience only.

Privacy Policy App