Effective starting: 25.5.2018
1. INTRODUCTORY INFORMATION
Etrel respects your privacy and thoroughly protects your personal data.
In this Personal Data Protection Policy (henceforth ‘Policy’), we define the methods of personal data
collection, their purpose, security measures, with which personal data are protected, persons, with
whom we share them, and your rights concerning the protection of your personal data.
This Policy affects:
- All users of our Ocean platform (henceforth ‘platform’) and its corresponding mobile application
- Ordering and performing subscription contracts for services provided by Etrel
- Registration to notifications about product news and organized events (Etrel Newsletter)
- The use of any technical support or services offered by Etrel
Ocean system is the central system, divided in two parts backend and frontend. Backend is intended for
operators to manage charging stations on the locations they operate. Frontend system is connected with
backend system and uses the charging station infrastructure information from Ocean backend and
displays it to the end users on their mobile apps for their use to charge their EV.
2. DATA CONTROLLER
This Policy is used for all personal data that Etrel d.o.o., Pod jelšami 6, 1290 Grosuplje, Slovenia
(henceforth ‘Etrel’, ‘we’, ‘us’) collects.
As a data controller, Etrel is responsible for the processing and storage of your personal data.
If you have any questions about the use of this Policy or about the rights you can exercise arising from this
Policy, contact us in any of the following ways:
- 01 60 10 075
- Etrel d.o.o., Pod jelšami 6, 1290 Grosuplje, with the addendum 'Personal data protection'In relation to users of the services that it provides (e.g. Ocean platform), Etrel is a contractual controller.
Operators are Etrel’s clients. They manage their users via the back-end system. Etrel does not access
operator’s Ocean instance, but may offer 2nd level and 3rd level support. Operators can upload to the
backend system various data such as: charging station’s location pictures, various contractual documents
operators have with location (parking lot owners), charging station owners and connection point owners
(DSO, energy suppliers). When Etrel is called by the operator to offer 2nd level or 3rd level support, Etrel
will access the client’s Ocean instance via admin role. During the support process all information entered
by the operator is seen by Etrel support.
3. DEFINITION OF TERMS
A list of terms from this Policy and their explanations can be found in this section.
The purpose of each term listed below is defined in this Chapter.
Personal data means any information relating to an individual that can be used to identify that individual
(e.g. first name, last name, e-mail, telephone number).
Controller means the legal person which determines the purposes and means of the processing of your
Processor means a natural or legal person which processes personal data on behalf of the controller.
Processing means the collection, storage, access to, and all other forms of use of personal data.
EEA means the European Economic Area, which includes all member states of the European Union,
Iceland, Norway, and Liechtenstein.
4. PERSONAL DATA PROCESSING
Etrel processes your personal data only for clearly defined purposes, in a secure manner, and
We acquire your personal data when you provide them (such as when you use our website, order our
services, request quotes over e-mail, the phone or in writing to are physical address, or in any other way
with which you provide your personal data).
Additionally, we acquire your personal data through publicly available data records (e.g. state
We collect data from 2 types of users, Account Operators – our partners and Operator's Customers.
Customers can always exercise their right to request access to, correct, amend, delete, port to anotherservice provider, or object to certain uses of your personal data. Customers are generally over 18 years
4.1 Types of Personal Data Collected
Etrel can collect the following information or types of information:
1) From account operators:
- Basic personal data (first and last name, address and billing address),
- Basic contact data (telephone number, e-mail address),
- Basic data about the company you work for (company name, your role in the company, No. of
- Payment details,
- How and when you access your account and the Ocean platform, including information about the
device and browser you use, your network connection and your IP address.
2) Account Operators’ customers’ (End users):
- Basic personal data (first and last name, billing address),
- Basic contact data (telephone number),
- Information about sessions you initiate,
- Information about the device and browser you use,
- ID and type of vehicle.
Etrel follows the principle of data minimization as provided by legislation, which is why we collect only
data appropriate, relevant, and limited to what is required for purposes for which they are collected. The
purposes for which we collect personal data are defined in chapter 4.3 of this Policy.
4.2 Legal Basis for the Collection and Processing of Personal Data
We collect and process certain types of data on the base of contractual agreement. This mainly applies to
processing data operators (instance owners) data that are entrusted to us through Admin accounts in the
In accordance with personal data protection legislation, we may process your personal data on the
following legal bases:
- Where the processing of your personal data is necessary to perform a contract, you’ve entered
- Where you’ve given your consent to the processing of your personal data for a particular
processing purpose. You always have the right to withdraw your consent.
- For instance, creation and setup (contact name, company, company address, billing address, email, charging station information).
- For invoicing (contact name, company, billing address, e-mail).
- For messaging for informational purposes (new features, updates, upgrades…).
- For provision of 3rd and 2nd level support (instance owners’ data, end user data).
- Where Etrel has a legitimate interest to process your personal data (when we’re processing data
based on a legitimate interest, we’ll specify that explicitly in this Policy)
- Where processing is necessary for compliance with legal obligations (such as data we store for
In case end user data is accessed, there is a report system in place, that provides detailed information
regarding the path used and the scope of data accessed in the process of resolving support request.
Instance owner must therefore collect user consents for these events.
Scope of personal data seen by Etrel’s support:
- charging station’s location information
- end user’s information (identification, Electric Vehicle information, contract terms, charging
- number of end users
- uploaded documents with location pictures, contracts with location owner
Only those personal data have to be provided that we collect based on legal requirements.
Providing personal data that we require to perform a contract is voluntary. We would like to remind you
that in case you do not provide your personal data that we require to provide our services (e.g. entering
into a contract), we will not be able to provide that service.
Giving consent is always voluntary and without any adverse consequences. We would like to remind you
that certain services (e.g. e-notifications, targeted advertising) cannot be provided without your consent
or after you withdraw your consent.
4.3 Purposes of Processing
Etrel will process your data only for specific, explicit, and legitimate purposes. We undertake to not use
your personal data in ways that are incompatible with the purposes defined in this Policy.
The purposes for which we may use your personal data are defined below. Etrel may use your personal
data for one or more of the defined purposes.
The purposes for which we will use your personal data are the following:
- Data on account operators: For the purposes of provide clients (=operator) with SaaS services.
E.g. to confirm operator’s identity, contact, and invoicing purposes you. We also use this
information to make sure that we comply with legal requirements.
- Data on Account Operators’ customers’ (End users): For the purposes of provide clients
(=operator) with SaaS services, including supporting and processing charging sessions, risk and
fraud screening, authentication. We also use this information to improve our Services.
- Communicating with you regarding the performance of our services and responding to your
requests (especially notifications pertaining to the Ocean platform, responding to your requests
for quotes made through online or physical forms, filling out satisfaction questionnaires).
- Entering into a contract and performing obligations from that contract. Specifically, the
provision of services such as registrations and orders made through our website. All personal data
processed in relation to orders in on our website is processed with the purpose of entering into
and performing contracts that you entered into with us. If you do not provide all data required to
complete an order, we reserve the right to delay or cancel the order.
- For marketing communications (such as notifications about new services or upgrades of existing
- For marketing communications, based on targeted or individualized offers. The use of some
personal data helps us to personalized communication with you so that it’s as interesting and
useful to you as possible. Based on certain personal data, we can divide individuals into groups,
enabling us to tailor the content of messages to each group. We monitor individuals’ activities
when categorizing them. Marketing communication with targeted or individual offers will be
conducted only with your explicit consent.
- Transmission of personal data to third parties. We will transmit personal data only to those third
parties defined in chapter 6. Your data will be transmitted only when justified by our legitimate
interest of ensuring a safe and legitimate business and the performance of legal obligations (such
as tax-related obligations, which may include transmitting your personal data to tax authorities).
An exception is our contractual partners used for the purpose of remarketing. In this case, we will
transmit your personal data only with your explicit consent.• In relation to any legal claims or for the resolution of disputes. During the course of protecting
our business and exercising and/or protecting our rights, personal data may be disclosed. Your
personal data will be disclosed only in the manner and under circumstances defined by the law.
- For statistical analyses. To improve the user experience, we conduct analyses of the use of our
website, which is our legitimate interest of maintaining and/or improving our business success.
You have the right to withdraw your consent for any processing of your personal data at any time. You
can communicate the withdrawal of your consent to any of the contacts listed in Chapter 2 of this Policy.
4.4 How Long We Store Your Personal Data
All data is stored on the server in Germany, provided by company Hetzner. Operators are in charge of the
personal data of end users and may delete them in full at any time.
We store your personal data in accordance with applicable legislation and (i) only for as long as it is
necessary to achieve the purpose for which the data is processed, or (ii) for a period prescribed by law
(such as 10 years for storing issued invoices), or (iii) for a period that is necessary to complete a contract,
which includes warranty periods and periods during which any claims can be made based on the
concluded contract (e.g. 5 years after the end of the contractual obligations).
Personal data acquired based on your consent is stored permanently or until you withdraw your consent
(you can read more about how to withdraw your consent in Chapter 9 of this Policy). Data collected based
on your consent will be deleted even before you withdraw your consent if the purpose for which the data
were collected has been achieved.
Personal data for which the storage period has expired (e.g. because the purpose for which they were
collected has been achieved, or because the legal deadline has been reached) will be erased, destroyed,
or rendered anonymous to prevent the personal data from being reconstructed.
If you need more information about the storage periods of your personal data, please use one of the
contacts listed in Chapter 2 of this Policy.
5. PERSONAL DATA PROTECTION
Etrel has taken the appropriate technical and organizational measures to protect your personal data,
- Regular and effective upgrades to software and hardware where your personal data are stored
- Securing access to personal data
- Backup creation
- Training of employees who are responsible for the processing of personal data
- Informed and thorough decision-making when selecting the processors of your personal data
- Monitoring employees and other processors of your personal data, including conducting audits
- Control and adequate action in the event of a security breach, with which we prevent or limit the
damage to personal data
Etrel protects your personal data from illegal or unauthorized processing and/or access, and from
unintentional loss, destruction, or damage. All measures we take are within our technical capacities
(including the costs of taking certain measures) and at the discretion of the effects they have on your
In the event of a personal data breach, Etrel will inform the competent supervisory authority about the
breach without hesitation. The supervisory authority in the Republic of Slovenia is the Data Protection
In the event a suspicion that a criminal act was committed, Etrel will also report the breach to the police
and the competent state prosecutor’s office.
In the event a personal data breach occurs that could pose a great risk to the rights and freedoms of data
subjects, Etrel will inform you of such breach immediately.
6. TRANSFERRING PERSONAL DATA
Your personal data – for the expressed purpose for which they were collected – can be transferred,
consulted or access to certain third parties listed below. Each user with whom we share the personal data
may process the data only for the purposes for which they were collected. Additionally, all users are
required to follow applicable legislation and the provisions of the Personal Data Protection Policy.
Your personal data can be transferred to:
- Business partners that help us provide certain services, such as advertising and marketing
agencies. For remarketing purposes, we use Google AdWords and Google Analytics, and Facebook
Ads, which help us show you relevant advertisements. For e-mail newsletters and notifications,
we use Mailchimp service and for ensuring the adequate support as well knowledge base, we use
Jira and Confluence software solutions from Atlassian corporation.
- Other contractual partners that provide services to Etrel (e.g. Hetzner, law firms).
- Partner companies that help us provide our services.
- Conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or
other requests by public authorities (including to meet national security or law enforcement
- Prevent, investigate, or take action regarding illegal activities, suspected fraud, situations
involving potential threats to the physical safety of any person, violations of our Terms of Service
or any other agreement related to the Services, or as otherwise required by law.
- Personal information may also be shared with a company that acquires our business or the
business of a merchant whose store you visit or access, whether through merger, acquisition,
bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
Your personal data may be transferred to third parties (listed above) outside of the European Economic
Area (EEA), where these data can be processed by us or third parties. For each transfer outside of the EEA,
we’ll take additional steps to ensure the security of your personal data.
Such steps include agreements with third parties about creating binding personal data protection rules,
verification of the existence of approved certification mechanisms in line with our personal data
protection standards, and defining contractual provisions that cover personal data protection.
WHAT ARE COOKIES?
Cookies are small text files that most websites store on devices with which users access the Internet. They
are designed to recognized individual devices that users used to access a website. Their storage is
completely controlled by the user’s web browser. Users can freely restrict or block the storage of cookies.
Cookies are not harmful and always expire.
WHY ARE THEY USED?
They are of key importance to ensure user-friendly website services. Thanks to cookies, the interaction
between the user and website is easier and simpler. With their help, a website can remember the user’s
preferences and experiences, which saves time, and makes for a more effective and user-friendly
Some examples on how cookies are used:
- Improving the user experience of a website by adjusting the way content of the website is
displayed based on past visits
- Storing choices, the user made when displaying a selection of devices and offers, and displaying
- Recognizing your device (computer, tablet, smartphone), which allows us to adjust how the
content is displayed to fit the device.
- Tracking visits, which allows us to check how effective the content we display is, to make sure ads
are relevant, and to continuously improve our websites.
1. STRICTLY NECESSARY COOKIES
Necessary cookies enable the use of components necessary for the website to function correctly. Without
these cookies, the services that you’d like to use on this website wouldn’t work correctly.
2. PERFORMANCE COOKIES
These cookies collect data on how users behave on the website in order to improve the performance
component of a website (e.g. which content on our website you visit most often). These cookies do not
collect information which could identify the users. They ensure that using the website is a pleasant
3. FUNCTIONALITY COOKIES
These cookies enable the website to remember some of your settings and choices (e.g. language, region)
and enable advanced, personalized functions. These cookies may allow your actions on the website to be
4. ADVERTISING OR TARGETED COOKIES
These cookies are most commonly used by advertising and social networks (third parties) with the goal to
show you more targeted ads, reduce repetition of ads, or measure the effectiveness of advertising
campaigns. These cookies enable your actions on the Internet to be tracked.
the Internet. You can set up most browsers so that they don’t store cookies.
For more information about the options available for each browser, we recommend you to check their
- Internet Explorer 9
- Internet Explorer 7 and 8
experience.Cookies are simple text files that some website store on your computer through your browser, and save
some non-personal data.
Using cookies allows us to adapt online content to make it more attractive to individuals. Additionally, we
conduct website use analyses which allow us to improve and edit our website to make it more userfriendly.
Some cookies are strictly necessary, because our website couldn’t work without them, whereas you can
refuse all other cookies. We use strictly necessary cookies to store statistical data about the use of our
website and to store information necessary for contact forms available on our website.
In addition to strictly necessary cookies, we use other cookies that allow us to get to know our users better
and to provide you with targeted advertising on the basis of the data we collect. Refusing cookies can
cause certain content or functions of the website to not function properly (especially features that allow
the website to adapt to the interests of the user).
Overview of all cookies:
In addition to first-party cookies, we use the following third-party cookies: Google Analytics, Google
AdWords, Display Advertising extension for Google Analytics (all listed cookies by Google Inc., 1600
Amphitheater Parkway, Mountain View, CA 94043, USA), Hotjar, ActiveCampaign (by ActiveCampaign,
LLC, North Dearborn Street, 5th Floor, Chicago, IL 60602), AdRoll (by AdRoll Inc. 972 Mission Street, San
Francisco, CA 94103), Facebook Custom Audience in Facebook remarketing (by Facebook Inc, 1 Hacker
Way, Menlo Park, CA 9420).
You can refuse all third-party cookies listed above or delete them from your browser at any time.
- To delete the Display Advertising extension for Google Analytics cookies, set your browser to
- To delete the Facebook Custom Audience and Facebook remarketing cookies, set your browser
We want to remind users that the service providers listed above may collect certain personal data, which
is not connected to the data collection done by Etrel. Any such independent personal data collection is
not covered by this Policy, but is covered by the privacy policies of each cookie provider.
You can read more about personal data protection for third-party cookies in the privacy policies of each
third-party cookie provider:
Etrel uses certain elements of other providers on its website, namely Facebook, LinkedIn and MailChimp.
defined in the security policies of each provider, which you can find in the links listed above.
8. WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS
Our website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066,
USA), while YouTube is controlled by Google. If you visit our website’s content that contains a YouTube
plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of
your visit to our website.
More about how YouTube handles user data can be found on their website.
Etrel also uses social media, such as Facebook and LinkedIn. Facebook and LinkedIn operate in accordance
that they are themselves responsible for any posts on social media and that each user is responsible to
direct any questions or the exercise of their rights to the appropriate social network.
Etrel assumes no responsibility for any activities related to social media.
9. RIGHTS OF DATA SUBJECTS
You have the following rights in relation to the processing of personal data:
- Access to personal data: You can request information from Etrel about whether they process your
personal data. If they do, you can request access to your personal data and information about the
processing (which data is being processed and where the data come from).
- Rectification of personal data: You can request that Etrel rectifies or amends imperfect or
inaccurate data about you which is being processed.
- Restriction of processing of personal data: You can request that Etrel limits the processing of
your personal data (e.g. when the accuracy or completeness of your personal data is being
- Erasure of personal data: You can request from Etrel that they erase your personal data (we
cannot erase those personal data that we control due to legal obligations or based on a
- Copy of personal data: You can request from Etrel that they provide a copy of the personal data
that you sent in a structured, commonly used, and machine-readable format.
- Withdrawing consent: You have the right to withdraw your consent about the use of personal
data that we collect and process with your consent at any time. You can withdraw consent in any
way listed in Chapter 2 of this Policy. Withdrawing consent has no drawbacks, but it is possible
that Etrel will not be able to provide certain services to you after you withdraw consent.
- Objecting to processing of personal data: You have the right to object the processing of your
personal data when the purpose of the processing is direct marketing or transferring your
personal data to third parties with the purpose of direct marketing. Additionally, you can object
the processing when your data is being used with the purpose of indirect marketing with the use
of personalized or individual offers (profiling). You can communicate your objection in any way
listed in Chapter 2 of this Policy.
You can exercise all your rights by contacting us through any channel listed in Chapter 2 of this Policy.
Additionally, these contacts are available to you if you need any additional information regarding your
You have the right to lodge a complaint against us with a Data Protection Officer, which is the supervisory
authority for personal data protection.
Etrel ensures that the personal data being processed is up to date and complete. Please communicate any
changes of your personal data at firstname.lastname@example.org or +386 1 60 10 075. We will correct or amend your
personal data as soon as possible.
Etrel reserves the right to request certain personal data (e.g. first name, last name, e-mail address) when
you exercise any of your rights from this chapter to facilitate the identification of the data subject.
10. FINAL PROVISIONS
Etrel reserves the right to change this Policy. If any changes do occur, we will notify you about that in
advance. You agree to the new version of this Policy if you continue using our website and other services
defined in this Policy after a new version of the Policy is published.