evpass

Privacy Policy

At evpass, the protection of your personal data is important to us. That is why we have drawn up this Privacy Policy.

I. What does this Privacy Notice cover

This notice sets out what personal data we collect, for what purposes and your rights in this respect. This notice refers to individuals who are or were a Evpass customers, visitor to a Evpass website and/or user of a Evpass digital application. This notice also refers to individuals connected with our business customers (B2B), suppliers, business partners, stakeholders and/or investors.

This Privacy Notice provides you with information on the processing of your personal information by Evpass, whether as using our app or using services and/or purchasing products from Evpass which is a member of the Shell Group of companies.

This privacy notice explains, amongst other things, what personal data we process, for which purposes we process your personal data, for how long we hold your personal data for; how to access and update your personal data and where to go for further information or to lodge a complaint.

As well as this Privacy Notice, bespoke privacy notices and supplementary privacy statements may contain further information about how Evpass is processing your personal data. These privacy notices may vary among the countries in which we operate to reflect local practices and applicable law requirements.

II. Special Notice - Processing children’s personal data

If personal data of children is gathered this requires consent of the parent or guardian.

We do not intentionally collect personal data of individuals of those who are under 16 years old. Except in those cases where we organize educational events specifically designed for those under 16 years old. If you are under 16 years old (or a different age to reflect local legal requirement for minors) please do not send us your personal data.

Given that our products and services relate to driving, we assume you are over 16 years old. If you wish to contact us in a way which requires you to submit your personal data (such as for educational or innovation events) please ask your parent or guardian to do so on your behalf.

III. Who is responsible for any personal data collected

Evpass SA
Baarermatte,
6340 Baar
Switzerland
Tel.: +41 21 544 04 42
Website:www.evpass.ch

IV. What personal data do we process

The categories of personal data we process.

We collect information, including personal data about you, as a Evpass customer (when you are using or purchasing our services and products, creating Evpass account, subscribing to Evpass charge card) user of Evpass Apps and/or visitor to a Evpass website or social media page. This information may be either:

Contact and identification information, such as name, address, telephone number, e-mail address and other identification information e.g. RFID,
Your preferences for being contacted
When you choose to make a payment to us through our services, your payment-related information, such as credit card or other financial information, is collected and stored.
Information we may capture once you will be interacting with us through the Website or mobile application or through our charging stations may include the location of the service, the charging time, cost of charging, the duration of the charging or information of a technical nature
When you use one of our charge points with a charge card or token not offered by or powered by us we will only collect your charge log ID and RFID (thus not your name), start/stop time, charging date, your power consumption, charge point ID and location, cost of the charging session. This charge session data will be shared to us with your charge card provider for billing and settlement purposes
Customer relationship information, such as customer service requests, inquiries, and complaints including information necessary to try to resolve the aforementioned
Business contact and other information (such as job title, department, name of organization and your dealings with Evpass on behalf of yourself or the relevant Business Customer, Supplier, Business Partner).

V. For what purposes do we process your personal data

We only process your personal data where we have a lawful basis and purpose to do so.

We process your personal data for the purposes of:

providing our products our services to you
managing your account, relationships, and marketing
payment processing and financial account management
account management including account verification (that is, ensuring that only you or someone you have authorized can access your account and information)
customer service and development of our products and services
performance of and analysis of market surveys and marketing strategies
promotions and contests offered to our customers
detecting or preventing fraud

We will only process your personal data where we have a lawful basis to do so:

where it is necessary to conclude a transaction with you (such as payment information)
in order to take steps at the request of an individual prior to entering a contract
where it is necessary to comply with a legal or regulatory obligation to which we are subject to
where it is necessary for the purposes of the legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual/s
(only if legally required) with the explicit consent of the individual
in those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent
Business execution - including providing, researching, developing and improving products or services; concluding and executing agreements with Business Customers, Suppliers and Business Partners; recording and settling services, products and materials to and from Evpass managing relationships and marketing such as maintaining and promoting contact with existing and prospective customers, account management, customer service, and development, execution and analysis of market surveys and marketing strategies;
Organisation and management of the business - including financial management, asset management, mergers, demergers, acquisitions and divestitures, implementation of controls, management reporting, analysis, internal audits and investigations;
Health, safety and security – including protection of an individual’s life or health, occupational health and safety, protection of Evpass and staff, authentication of individual status and access rights; or
Legal and/or regulatory compliance – including compliance with legal or regulatory requirements.

We may also process your personal data for a secondary purpose where it is closely related, such as:

storing, deleting or anonymising your personal data
audits, investigations, dispute resolution or insurance purposes, litigation or defence of claims
statistical, historical or scientific research
legal and/or regulatory compliance

Screening

In addition, in order to comply with legal and regulatory obligations, to protect our assets and employees/contractors and specifically to ensure that we can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening (pre-contract and on a periodic basis post-contract) on owners, shareholders and directors of our Business customers, Suppliers, Business Partners and individual customers. This screening takes place against publicly available or government issued sanctions lists and media sources.

The screening does not involve profiling or automated decision making in relation to the counterparties or potential counterparties.

VI. What are the consequences of not providing your personal data

Personal data gathered by us for these processes either directly or indirectly is required in order to:

fulfil legal requirements and/or which is required for entering a contract with a counterparty and continuing to contract with that counterparty
maintain contact with business customers, suppliers and business partners, visitors to the website and investors

Failure to provide us with the information required will negatively affect our ability to communicate with you, or our ability to enter a contract with a counterparty or continuing to contract with a counterparty.

VII. Who will we share your personal data with

Your personal data are exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:

any company that is a member of our group of companies, which includes our parent company Shell Plc, where necessary for internal administrative purposes, corporate strategy, auditing and monitoring, sanctions screening and research and development
we may also share your personal data with our group companies where they provide products and services to us that help us to provide products and services to you as our customer
we may also share your data within our group of companies to offer you promotions or to inform you about EV charging related products and/or services. This is based on your marketing consent preferences and in all cases any marketing material will be sent to you by us only
our authorized 3rd party agents, service providers and/or subcontractors (like Green Motion, companies owned by Green Motion –which keep the personal data and serve Evpass customers or Saferpay – a company which will serve online payments transactions or Hubject – a roaming platform provider)
a competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which we are subject to or as permitted by applicable local law.
on request of a party, we can forward your data to such party if such party has a legitimate interest to obtain your personal data. Parties who pay for your charge sessions on your behalf might have such a legitimate interest. We and the requesting party will conduct a legitimate interest assessment to determine whether and which information is shared

Shell Single View of the Customer

With the aim of ensuring you have a seamless experience with the Shell group and depending upon the nature of your engagement with Shell, we combine information gathered from the sources referred to above to create a personal profile of you. This enables you to interact with different Shell companies more easily and ensures we have the most up to date information about you in order to better develop services and products and to tailor offers relevant to your specific interests.

Please note however, you can control how Shell uses this information. You can opt out of having your personal data combined in this way. For further details please refer to section below: ‘Your rights in relation to your personal data’.

VIII. Transfers of your personal data to other countries

Your personal data may be transferred outside of your country, subject to appropriate safeguards.
Where your personal data is transferred to companies within the Shell group and/or to authorized 3rd party agents service providers and/or subcontractors who may be located in or outside of your location (including outside of the European Economic Area) we take organizational, contractual and legal measures to ensure that the personal data is exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard the personal data.

These measures include Binding Corporate Rules for transfers among the Shell Group. You can find a copy of the Shell Binding Corporate Rules at www.shell.com/privacy.html

For technical reasons, sometimes your personal data may also be processed abroad. If the country in question is not regarded as adequate by the Swiss Federal Proposal on Data Protection and Transparency, we take the protection measures required by the law before any transfer is made.

IX. Security of your personal data

We are committed to safeguarding your personal data.

We have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use. We may use encryption for some of our services, we apply authentication and verification process for access to our services and we regularly test, assess and evaluate the effectiveness of our security measures.

When you enter your credit card details, please be informed that a 3rd party payment provider will process your payment. We will only store the last four digits of your credit card number, the expiry data and the security code.

X. How long do we hold your personal data for

We will only hold your personal data for a defined period.

Any personal data that is required for the purposes of conclusion and execution of agreements with) customers, suppliers and business partners will be held during the duration of the contractual relationship and up to 10 years after.

Personal data gathered which relates the screening against publicly available or government issued sanctions lists and media sources, such personal data is held for no longer than 15 years after it was first gathered.

In all cases information may be held for a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or b) a shorter period where the individual objects to the processing of their personal data and there is no longer a legitimate purpose to retain it.

XI. Your rights in relation to your personal data

Your rights and how to exercise them.

We aim to keep our information as accurate as possible. You can request:

access to your personal data
correction or deletion of your personal data (but only where it is no longer required for a legitimate business purpose such as completing a retail transaction)
that you no longer receive marketing communications
that the processing of your personal data is restricted
combining of your personal data from different sources to create a personal profile no longer takes place
that you receive personal data that you have provided to us, in a structured, digital form to be transmitted to another party, if this is technically feasible

To make any rights requests please email us at Privacy-Office-SI@shell.com.

XII. Who to contact if you have a query, concern or complaint about your personal data

Since we are part of the Shell Group, you may also contact the Shell Group Chief Privacy Office at Shell International B.V. The Hague, The Netherlands - Trade Register No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague, alternatively you can also email the Shell Group Chief Privacy Office at privacy-office-SI@shell.com.

If you are unsatisfied with the handling of your personal data by us, you have the right to lodge a complaint to the Shell Group regulator which is the Dutch Data Protection Authority located Hoge Nieuwstraat 8, 2514 EL The Hague, The Netherlands. Please visit https://autoriteitpersoonsgegevens.nl/en for more information.

You also have the right to lodge a complaint to your countries data privacy regulator for which the contact details can be found here: Startseite (admin.ch) for Swiss customers or Data Protection Authorities - European Commission (europa.eu) for other European customers

XIII. Changes to this Privacy Policy

Privacy notices are updated over time.

This Privacy Notice may change over time and was last updated on May 2023