For details of the cookies used on the App, please see section 7 below
1. DATA CONTROLLER
The data controller is Daze, which can be reached at the following e-mail address: firstname.lastname@example.org.
2. PERSONAL DATA PROCESSED
By means of the App, the Data Controller processes the following categories of personal data:
- Device information: by installing the App through the store (i.e. App Store, Play Store) on your mobile device (the “Device”), you authorize Daze to collect certain personal and non-personal information about the Device, the processing of which is necessary for the successful installation (e.g. Device model, operating system version, screen resolution, connection type, language etc.). Since this is information whose processing is essential for the technical operations of installing the App on your Device, the only way you can object to such processing is to uninstall the App;
- information necessary to create an account: in order to take full advantage of the features offered by the App – such as, for example, interconnection with the wallbox, you must register by creating a personal account (hereinafter, the “Account”), providing your first and last name and e-mail address. In addition, you may, at your full discretion, decide to provide us with additional data to complete your Account with additional information, such as your residential/domicile address and telephone number;
- information related to your Daze Wallbox: through the App, you have the possibility to connect to the Daze wallbox (hereinafter, the “Wallbox”) you have purchased in order to better manage it. In this context, in order to connect the App to the Wallbox, you will be asked to enter its serial number and PUK code, and to assign it a name;
- information relative to the electrical system: once you have connected the Wallbox to the App, we will be able to acquire some information relative to the electrical system to which the Wallbox is connected, such as the type of system (e.g. single-phase/three-phase), the meter power, the participation to the Arera “Experimentation aimed at facilitating the recharging of electric vehicles at night and on holidays”, the presence of a photovoltaic system, and the predisposition to variable energy supply;
- information relating to Wallbox recharging sessions: through the App, you will be able to view information relating to Wallbox recharging sessions, such as the start and end times of recharging and the quantity of energy supplied, including, as the case may be, recharges carried out by other users;
- data of third parties: if you decide to provide us with personal data of your family members and/or third parties, it is your responsibility to ensure that they have been previously and adequately informed of the processing methods and purposes indicated herein, and that the processing of such data is based on one of the legal bases set forth in the GDPR. In relation to such processing, you act as the data controller and assume all obligations and responsibilities under the law and expressly indemnify Daze against all claims, objections or demands made against Daze by third parties whose personal data is processed through the App under your responsibility. Similarly, if you have created an Administrator Account for the management of one or more Wallboxes shared with several users, we hereby inform you that you shall act as an autonomous data controller with respect to the processing of the personal data of such additional users, assuming all legal obligations and responsibilities and expressly indemnifying Daze from any claim, dispute or demand that may be made against Daze by third parties whose personal data has been processed through the App under your responsibility.
3. PURPOSE OF PROCESSING
Daze collects and processes the above-mentioned personal data for the following purposes:
- registration of the Account: the data collected during the registration of the Account is processed exclusively for the purpose of allowing you to take full advantage of the services and functionalities offered by Daze by means of the App and to correctly manage the Account;
- management of the Wallbox: we process the data collected from the Wallbox in order to allow you to manage it in the best possible way and to view the information related to the recharge sessions
- fulfilment of legal obligations: we may need to process your personal data in order to fulfil legal obligations to which we are subject;
- technical management of the App: we may need to process your personal data in order to ensure the proper technical management of the App;
- ascertaining, exercising or defending our rights: where necessary, we will process your personal data in order to ascertain, exercise or defend our rights in court or whenever the courts exercise their functions;
- communication of data to third parties in the context of extraordinary transactions: we may process your personal data in the context of extraordinary transactions such as mergers, acquisitions, demergers, transfers of business units, etc., as necessary to enable us to complete the transaction and communicate your personal data to the third party(ies) involved.
4. LEGAL BASIS AND NATURE OF DATA PROVISION
Processing carried out for the purposes set out in paras. 3.1. and 3.2. finds its legal basis in Art. 6(1)(b) of the GDPR, i.e. in the performance of contracts or pre-contractual measures to which the data subject is party).
The above mentioned processing – except for the provision of the additional information referred to in paragraph 2 – information necessary for the creation of the Account – is necessary to allow you to register your Account and to use the management functionalities of the Wallbox; therefore, if you fail to provide your data for the above mentioned purposes, you will not be able to take full advantage of the services offered by Daze through the App.
The processing carried out for the purposes set out in paragraph 3.C. finds its legal basis in article 6(1)(c) of the GDPR (fulfilment of legal obligations to which the Data Controller is subject).
The data processed for the purposes referred to in paras 3.4., 3.5. and 3.6. are processed in the pursuit of a legitimate interest of the Controller, i.e. on the basis of Art. 6(1)(f) of the GDPR. The legitimate interests pursued as stated above are fairly balanced against your interests, rights and fundamental freedoms and, in any case, if you meet the legal requirements, you may object to such processing in the manner set out in this policy. In the event of opposition, we may only continue to carry out the processing in question if there are overriding legitimate reasons.
5. DATA RETENTION PERIOD
The data processed for the purposes set out in paras. 3.1. and 3.2. shall be retained until the Account is deleted and, thereafter, where strictly necessary, for the applicable period of limitation pursuant to Article 2947 paras. 1 and 3 of the Civil Code.
Without prejudice to what is set out below and to the provisions of article 7.3. regarding data retention following Account deletion, if you decide to delete your Account, your data will be retained for a period not exceeding 3 months for purely administrative purposes, without prejudice to further retention periods determined on the basis of the need to protect our legitimate interests (e.g. in the event of the management of claims and/or disputes in and/or out of court) and/or provided for by specific legal provisions.
Data processed for the purposes set out in Section 3.3 shall be stored for as long as is necessary for Daze to fulfil its legal obligations and, in any event, for a maximum period of 10 years.
With reference to the technical management activities of the App mentioned in section 3.4., we inform you that your data will be processed for the period strictly necessary to pursue this purpose and, in any case, for no longer than 12 months.
In relation to the purpose set out in section 3.5, we inform you that your data will be processed for the period of limitation applicable pursuant to Article 2947 paragraphs 1 and 3 of the Civil Code.
Finally, in the context of extraordinary operations, as per paragraph 3.6., your data will be processed for the period strictly necessary to complete the operation(s).
6. CATEGORIES OF DATA RECIPIENTS
For the pursuit of the purposes described above, your personal data may be shared with:
- employees/colleagues of Daze authorised to/ entrusted with the processing of personal data;
- IT suppliers;
- business partners of Daze;
- persons or companies offering promotion, business solicitation and advertising services;
- external consultants and professional firms;
- insurance companies, banks and credit institutions;
- authorities to whom the disclosure of your personal data is required by law;
- counterparties and third parties in the context of extraordinary transactions.
Where necessary, Daze has entered into agreements with the above-mentioned parties governing the processing of personal data by them.
Your personal data may be transferred outside the European Economic Area in full compliance with Art. 44 et seq. of the GDPR.
7.1. Definitions, characteristics and enforcement
Cookies are small text files that websites or mobile applications you visit store on your device and then transmit back to the same websites/mobile applications on your next visit. In fact, it is precisely cookies that allow the websites and applications you use to remember your actions and preferences, e.g. language, login details, display settings, etc., so that you do not have to reset them on your next visit or when you navigate to another page on the same website/app. Cookies, therefore, are used to perform computer authentication, session tracking and storage of information regarding the activities of users accessing a site or an app, and may also contain a unique identification code that allows tracking of the user’s navigation within the site or app for statistical or advertising purposes. While browsing a site/app, you may also receive on your computer or mobile device cookies from sites or web servers other than the one you are visiting (“third party” cookies). These third parties have their own personal data processing policies and privacy policies, which can be accessed directly from their respective sites, so you should refer to them directly.
There are various types of cookies, depending on their characteristics and functions, which may remain on your PC, smartphone, tablet, etc. for different periods of time: so-called “session cookies”, which are automatically deleted when you close your browser; or so-called “persistent cookies”, which are stored on your device until a predefined expiry date.
Among the technical cookies that do not require express consent for their use, the Garante per la protezione dei dati personali includes (see the Provvedimento “Individuazione delle modalità semplificate per l’informativa e l’acquisizione del consenso per l’uso dei cookie – 8 maggio 2014 [doc. web n. 3118884]” and ss.mm.ii. and the “Linee guida cookies e altri strumenti di tracciaiamento – 10 giugno 2021 [doc. web n. 9677876]”):
- technical cookies for statistical purposes, where used directly by the site or app operator to collect information, in aggregate form, on the number of users and how they visit the site/app;
- navigation or session cookies (for authentication purposes);
- functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided to the user.
On the other hand, all other cookies (i.e. non-technical cookies) and, above all, content customisation cookies (i.e. those aimed at creating user profiles and used for the purpose of sending advertising messages in line with the preferences expressed by the user when surfing the web) may only be used after obtaining the user’s informed consent.
7.2. Types of cookies used by the App: strictly necessary cookies
The App uses only so-called technical cookies, which are necessary for the App to work and cannot be deselected. They are usually only set in response to actions you take that constitute a request for services, such as setting privacy preferences or logging in. These cookies do not store any personal information.
|TOKEN||iOS, Android||Authentication token for the Identity Server to enable automatic login||Session|
8. YOUR RIGHTS UNDER THE GDPR
If the conditions provided for by law are met, you may exercise your rights under the applicable legislation at any time.
In particular, you have the right to request access to your personal data, their rectification and/or erasure, to object to their processing and, where applicable, to request not to be subject to a decision based solely on automated processing, including profiling. In addition, in the cases provided for by Article 18 of the GDPR, you have the right to request the restriction of the processing and, in the cases provided for by Article 20 of the GDPR, to obtain the personal data concerning you in a structured, commonly used and machine-readable format.
In addition, in the event that you consider that the processing of your personal data is contrary to applicable law, you always have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR.
To exercise your rights or obtain more information about the processing carried out by the Controller, you can send a request to the e-mail address email@example.com.
Verification and management of your data
To make it easier for you to exercise your rights, the App allows you to modify some of your data, including any additional data you may have provided.
You can delete your Account:
- directly from the App, via the ‘Profile’ section; or
- by sending an e-mail to firstname.lastname@example.org with “Delete App Account” in the subject line.
Upon receipt of your cancellation request, we will immediately deactivate your Account and, within a period of 3 months from receipt, delete all personal data in our archives related to your Account, as well as forward your request to the third parties who process your personal data on our behalf.
This Policy was published on 14/03/2023 and may be changed in the future e.g. in the light of the possible entry into force of new regulations, the updating or provision of new services or the adoption of new technologies. We will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published. Please visit the Policy section of the App regularly to keep up to date with the data we collect and how we use it.