Privacy policy
The high standards you place on the qualities of our products and services govern how we handle your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospective customers. The confidentiality and integrity of your personal data is one of our prime concerns.
Who is responsible for data processing?
Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, Germany (“DCS”) provides the customer with the Kia Charge services as data controller and is responsible for related data processing activities.
What data do we process about you, for what purpose and how long is the data stored?
The personal data collected in connection with entering into a Kia Charge contract or providing the Kia Charge services are processed to enter into the Kia Charge contract, to allow the customer to use the Kia Charge services (e.g. charging at a charge station) and to invoice the Kia Charge services to the customer. (Art. 6(1)(b) EU General Data Protection Regulation “GDPR”).
Conclusion of contracts
In connection with entering into a Kia Charge contract, the following data categories are processed:
- contact data (e.g. last name, first name, address, email address)
- account data (e.g. the Kia Charge login account, payment details)
- vehicle data (VIN)
The contractual data are automatically erased after expiry of the Kia Charge contract; financial transactions are erased in accordance with the statutory provisions after 10 years.
To use the Kia Charge app, you need a Kia account with Kia Connect GmbH, Theodor-Heuss-Allee 11, 60486 Frankfurt, Germany registered in the commercial register of the Frankfurt am Main District Court under HRB 112541 ("Kia Connect GmbH"). With the Kia account you can register for numerous services (e.g. websites or applications) of Kia Connect GmbH or third parties. It serves as a central user account in which you can manage your data centrally. The data processing required for this takes place as part of the performance of the contract (Art. 6 Para. 1 lit. b DSGVO). Your e-mail address and a password chosen by you personally are required for registration. Please note the detailed data protection declaration of Kia Connect GmbH applicable to the Kia account. You can access this at https://connect.kia.com/ie/kia-connect-legal-document/
Provision of services
For the purposes of the provision of the Kia Charge services by DCS the following (where required, personal) information is processed (Art. 6(1)(b) GDPR):
- an individual identification number which is allocated to the Kia Charge card respectively the authentication instrument used by the customer at a charging station.
- the charge detail records showing the charging events conducted by the customer.
- the location of the charging station where the charging events are conducted and the location of the customer by displaying a map for easier orientation and ensuring correct addresses (the location only to the extent that an e-route service is offered and to the extent the customer has activated the GPS function in the Kia Charge app).
- All other data collected during the charging process.
DCS is unable to provide you with the respective service if these data are not provided and are not processed. The processed personal data are automatically erased after 90 days unless they are needed longer for the provision of a specific service.
The provision of the customer's vehicle data is necessary for the correct handling of the billing of the charging process with our service provider. The VIN is required to identify the corresponding contractual relationships.
DCS uses commissioned service providers to provide the Kia Charge services.
Transfer of personal data to charge point operators
When transferring personal customer data to a charge point operator, both DCS and the charge point operator are to be deemed as controllers.
Where DCS acts as an agent of the charge point operator ("Partner CPO") or if the customer has purchased an additional package from the charge point operator via DCS, which result in a separate charging contract between the customer and the charge point operator, DCS transmits the following data to the charge point operator:
Transfer of this data to a chage point operator is necessary to provide the purchased charging services, Art. 6 (1) (b) GDPR.
Securing product quality, research and development of new products
Beyond the mere provision of Kia Charge services, the data collected are also processed for the purposes of quality assurance of the Kia Charge services offered by DCS and for the development of new related services by DCS. These processing activities serve the legitimate interests of DCS and Kia Motors Europe (KME) to comply with the high standards placed by our customers on existing services and to be capable of satisfying our customers' future wishes through the development of new services (Art. 6(1)(f) GDPR). In order to protect our customers' privacy, the data processed in accordance with this section are processed exclusively in a form that is not directly traceable to the customer.Furthermore, the contact details are used to send direct advertising for our own, similar services or products of DCS (Art. 6 (1)(f) GDPR). The customer will be contacted by email or via the app. At any time, the customer has the right to object to the processing of personal data for the purposes of such advertising using the contact options below.
To improve our services, logged-in users can rate the charging stations of the DCS network, comment on them, or upload user-generated content to a charging station (hereinafter "ratings"). These ratings are stored by DCS together with personal data and used exclusively to improve our services.
DCS reserves the right to display the ratings on the website, app and via other channels (hereinafter "frontends") together with the initials of the customer, in order to make them available to other users for an improved service and customer experience. It is also possible for DCS to make the ratings available to the partners in the DCS network to display on their frontends. Any such use of a rating by DCS or a partner of the DCS network is carried out in a way that protects the user's data in an anonymous form, i.e. only using the user's initials and without other personal information, unless the user has consented in advance to another use.
Every user has the option of deleting their rating via a charging station at any time using the settings in the respective frontends.
We also analyse your user behaviour in our mobile apps. This is to adapt the quality and user-friendliness of our services to the wishes of our customers, also in the context of the mobile apps (Art. 6(1)(f) GDPR). This serves the legitimate interest DCS in meeting growing customer demands. You have the opportunity to object to this processing in our mobile apps at any time.
The following data categories are processed in connection with user behaviour in our mobile apps:
General use: Start and end of use (date and time), length of stay, use of individual functions, buttons and page views, search behaviour and search terms, use of promotions such as voucher codes
Device-related data: Device type, operating system, language settings, time zones, location, app settings, app crashes and other errors
In individual cases, your personal data may be transferred to third parties. These are companies in the categories of IT services, logistics, telecommunications, consulting, customer support, and dunning. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Some third countries are certified by the European Commission as having data protection comparable to the EEA standard through so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a uniformly high level of data protection due to the lack of legal regulations. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company rules, standard contractual clauses issued by the European Commission, certificates or recognised codes of conduct. In addition, the transfer of data outside the European Economic Area (EEA) is based on your consent in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, provided you have given this consent in advance. Please contact us, if you would like further information on this.
Advertising communication and market research based on consent
If you have separately given your consent to the further use of your personal data, your personal data may be used to the extent described in the consent declaration, e.g. for marketing purposes and/or market research, and where applicable disclosed to third parties (Art. 6(1)(a) GDPR). Further details can be found in the respective consent declaration, which can be revoked at any time.
Legal obligation
Furthermore, DCS will process personal data if it has a legal obligation to do so (Art. 13(1)(c), Art. 6(1)(c) GDPR). For example, DCS may be legally obliged to disclose personal data to public authorities or other third parties.
Customer Surveys & Polls for Product
Purposes and legal basis of data processing
For the purpose of product improvement, we occasionally conduct polls, customer surveys and similar activities. If the customer participates in such an action, we will process their responses and, if applicable, other personal data with which they can be identified, such as the customer support ticket ID, in order to improve our products and services.
The legal basis for the processing is our legitimate interest in the continuous improvement and further development of our products and services in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Depending on the type of survey, data processing can also be based on a separate consent obtained from the customer in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Third party services (Google Maps)
In order to ensure the correct input of addresses, we have integrated into our website the service Google Maps from Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) through an API. Google acts on our behalf in this matter. In order to display the content in your browser, Google must receive your IP address, otherwise Google will not be able to provide you with this embedded content.
The legal basis for processing arises from Art. 6(1)(b) of the GDPR, i.e. we process your personal data based on the performance of the contract. You can deactivate the Google Maps service and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we would point out that in this case you cannot use the map display on our pages.
Google may transfer the information obtained from Maps to third parties, if required by law or to the extent that third parties process this data on behalf of Google.
More information on the purpose and scope of the data collection and its processing by Google Maps can be found in the privacy policy. There you will also find further information about your rights as well as settings options for the protection of your privacy: https://policies.google.com/privacy.
To whom do we transmit your personal data?
We only pass on your personal data to third parties if this is necessary for the fulfilment of the contract or if you have given your explicit consent. For customers with a “Kia Account”, we will transmit your vehicle data (VIN) to KME, to enable the eligibility check required for the service support for new vehicles and for invoicing purposes.
How do we protect your personal data?
We secure your data using state-of-the-art technology. By way of example, the following security measures are used to protect your personal data against misuse or any other form of unauthorised processing:
- access to personal data is restricted to only a limited number of authorised persons for the specified purposes;
- collected data are transferred only in encrypted form;
- furthermore, access to these IT systems is monitored permanently in order to detect and avert misuse at an early stage.
We only store your personal data for as long as is required for the respective purpose. If data are processed for multiple purposes, they are automatically erased, or stored in a form that is not directly traceable to you, as soon as the last specified purpose has been fulfilled.
Contacting us, your data protection rights and your right to complain to the Data Protection Authority
You are entitled to request access to your personal data, to request the rectification/erasure or restriction of processing, to object to the processing by contacting Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, E-Mail: dataprotection@digitalchargingsolutions.com. If you are in the opinion that we do not take your concerns or complaints regarding the processing of data seriously you can also reach out to the responsible regulatory authority.
If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. To this end, please contact Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, E-Mail: dataprotection@digitalchargingsolutions.com