Privacy Statement

Last updated (Effective Date): Oct 16, 2020

Scope of Privacy Statement

This Privacy Statement applies to the personal information that we obtain when you use the EVA Global website or when you otherwise interact with EVA Solutions Group Oy (“EVA Global” or “EVA”).

The data controller in accordance with the applicable data protection law is EVA Solutions Group Oy. EVA is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.

For data subjects located in the EU/EEA, you can contact the relevant EVA entity at one of the following addresses:

Our Finland entity:
EVA Solutions Group Oy Business ID: FI2868557-4

Address: Aleksanterinkatu 32, 33100, Tampere, Finland Email: info@eva.global

 

Collection of information

Information you provide to us

 

EVA Global Account Information

We collect information about you and your company when you use our products and/or services, do business with us and when you interact with us: register for the EVA Services; modify your user profile; and make purchases through, use, access, or interact with, the EVA Services (including, but not limited to, when you download, view, or share content), require assistance at a charging station, require work specifications to carry out maintenance and/or repair work of charging station.

 

Information we collect as a processor includes:

  • Contact and user information, such as name, personal/business address, contact telephone number(s)and email addresses
  • Billing information, such as credit card details and billing address
  • Profile information, such as a username, name and e-mail address
  • Preferences information, such as notification and marketing preferences; you can opt-out from receiving direct marketing by modifying your marketing preferences in the preferences
  • center, or by following the unsubscribe link available in the newsletters
  • Information related to an electric vehicle charging session, such as vehicle make and model, location, time and date, charging data records including duration, energy use and transaction value


You may provide this information directly when you enter it in the EVA Services. You may also refuse to not enter the information asked, but please note that by limiting the information you provide us, we can only provide you limited services.

In some cases, another user (such as a system administrator) may create an account on your behalf and may provide your information, including personal data (most commonly when your company requests that you use our products). We collect such information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including personal data) about someone else, we assume that you have the authority to act on their behalf. Please let us know if this is not the case.

 

Other submissions

We process other data that you submit to our websites, or as you participate in any interactive features of the EVA Services, participate in surveys, contests, promotions, activities or events, request customer support, communicate with us via third party social media sites, or otherwise communicate with us. For example, you can submit information regarding a problem you are experiencing with an EVA Global product to our support services.

Some of the Services offer features and functionality that allow posting information publicly, for example in social media platforms. Any personal information you choose to submit in such forums may be read, collected, or used by others who visit these sites, and may be used to send you unsolicited messages. EVA Global is not responsible and shall not be held liable for the personal information you choose to submit to or through these channels or for any acts or omissions of other users who may access such information.

This type of data may be collected also from individuals, who are not currently EVA Global’s customers but interested, perhaps, in contracting services from us, or working with us.

 

Information we collect from use of EVA Global Services

Information Collected Using Cookies

We collect certain information through the use of cookies, which are small text files that are saved by your browser when you access our Services. We use both session cookies and persistent cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We also use cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent cookies, session cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Services. Some third-party service providers that we engage (including third-party advertisers) may also place their own cookies on your browser. Note that this Privacy Statement covers only our use of cookies and does not include the use of cookies by third parties.

This type of data may be collected also from individuals, who are not currently EVA Global’s customers but interested, perhaps, in contracting services from us, or working with us.

 

Web Logs

We gather certain information and store it in log files when you interact with our Websites and Infrastructure Management Products. This information includes, but is not limited to, internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information.

This type of data may be collected also from individuals, who are not currently EVA Global’s customers but interested, perhaps, in contracting services from us, or working with us.

 

Purpose and legal basis for processing your personal data

We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes:

 

1. Service provision and managing your customer relationship

  • Provide, operate and maintain EVA Services;
  • Process and complete transactions, and send you related information, including purchase confirmations and invoices;
  • Send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates,
  • security alerts, and support and administrative messages;

Our processing of personal data for these purposes is based on the contract between you/the company you represent and us.

2. Service development and information security

  • Monitor and analyze trends, usage, and activities in connection with EVA Services;
  • Improve the quality of the Services and to develop new features in the Services. This means for example using analytics information (including log and configuration data) to understand how our products are being configured and used and how they can be improved for the benefit of all of our users;
  • Ensure the security of the Services; and
  • Investigate and prevent fraudulent transactions, unauthorized access to EVA Services, and other illegal activities;

The legal basis for these purposes of processing is our legitimate interest to ensure that our Service has an adequate level of data security, that the Services are used according to the Terms and Conditions or any other Terms of Use that may apply to the Services and applicable laws, and that we have sufficient and relevant information at hand to develop our Service.

3. Marketing

  • Where we have the needed permissions, EVA Global may send you promotional communications, such as information about services, features, surveys, newsletters, offers, promotions, contests, events and providing other news or information about us and our select partners. You always have the ability to opt out of receiving any of these communications by using the “unsubscribe link” within the e-mail or by amending your marketing preferences in the preferences center;
  • Personalized EVA Services, including by providing content, features, or advertisements that match your interests and preferences;

Our processing of personal data for these purposes is based on our legitimate interest to provide you relevant information as part of the Services and to promote the Services to you.

When the legal basis for our processing of your personal data is legitimate interest, we have done a so-called balancing test as required by data protection legislation to ensure that it is all right to use this legal basis. If you would like find out more about this, please contact security@eva.global


What Information Do We Share With Third Parties?

We will not share your personal data except as described below:

 

Affiliates

EVA Global has a number of Authorized EVA Partners and subsidiaries (collectively, “Affiliates”). We share your personal data with these Affiliates, when it is required to do so in order to provide the service to you, in which case we require our Affiliates to abide by the requirements within this Privacy Statement.

 

Mergers and acquisitions

If another company acquires our company or our assets (for example in connection with a merger, acquisition or bankruptcy), that company may acquire also the personal data collected by us and in this case will assume the rights and obligations regarding your personal data as described in this Privacy Statement.

 

Information shared with third party service providers

EVA Global may share your information with third party service providers to provide you the Services, to facilitate your use of our Services, to process any financial transactions you make through our Services, or to provide technical support. This means for example third party vendors who provide the necessary software, networking, storage and other similar technology that are required to provide the Services. Except as set forth in this Statement, these third-party service providers must only use your information to provide the services requested by EVA Global.

 

Disclosing personal data to competent authorities or for safety reasons

We may share your personal data to comply with requests from competent authorities or related to legal proceedings when this is permitted or required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

 

Information we disclose with your consent or at your request

If you have expressly requested that we do so, we may share your personal data with (i) third-party sites or platforms, such as social networking sites; and/or (ii) third-party application developers.

 

Third-Party Sites, Applications and Services

Our Services may contain links to other websites and services, and some of our Services may be accessed through third-party applications or services. Any information that you provide on or to a third-party website, application, or service (“Third-Party Services”) is provided directly to the owner or operator of such Third-Party Services and is subject to that party’s privacy policy. Even if such Third-Party Services are accessible through our Services, our Privacy Statement does not apply to such Third-Party Services and we shall not be held responsible for the content, privacy, or security practices and policies of such Third-Party Services. To protect your information, we recommend that you carefully review the privacy policies of other Third-Party Service that you access or use.

 

Transferring your personal data outside the EU/EEA

Some of our Affiliates and third-party service providers process personal data outside the European Economic Area (EEA):

  • For example, some of the personal data is stored on cloud-based servers which can be geographically located outside the EEA, such as in the United States
  • EVA Global has employees in the United States, who do not have access to the personal data of EU residents
  • Our partners are located all over the world; the partners mostly process personal data of their local contacts, but they may also in some situations have access to the personal data of EU residents.


If personal data of EU residents is in any way transferred or processed outside the EEA, we take all necessary steps to ensure that such personal data continues to be adequately protected. Usually we use EU Commission’s Standard Contractual Clauses (as required by Article 46.2 of the EU General Data Protection Regulation), which means that we have a contract in place with our affiliates or service providers, requiring these parties to process personal data in a secure manner. If you would like find out more about this, please contact security@eva.global 

 

Retention of personal data

Your personal data will be retained only for as long as necessary to fulfil the purposes defined in this Privacy Statement.

Most of your personal data will be retained during the course of your customer relationship with EVA Global. Some personal data might be retained after your customer relationship with us has ended, if required or allowed by applicable laws; for example, applicable tax and accounting legislation requires us to keep some information for six years and in some cases even longer. When your personal data is no longer required by law or rights or obligations by either party, we will delete your personal data.

Personal data which is not necessary for the customer relationship will be deleted or anonymized as soon as possible after the collection of such personal data and at latest within 12 months.

 

Your rights

You have a right to access personal data we process about you. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Statement and may also be required by law. Thus, you may not remove such personal data.

You have a right to object for certain processing. To the extent required by applicable data protection law, you have a right to restrict data processing.

You have a right to data portability, i.e. right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.

You have a right to complain to a supervisory authority in accordance with Article 77 of the EU General Data Protection Regulation. You can contact the supervisory authority of your place of residence, place of work, or place of one of our entities located in the EU.

 

EVA Global’s customers and users:

You can access and modify your personal data in your EVA Services account by accessing your user profile at the EVA Customer Portal website. If you want us to delete or disable your personal data and your EVAaccount, please contact your internal administration. If you don’t know your administrator, you can contact EVA Global at support@eva.global with your request.

You may opt out of receiving promotional communications from EVA Global by using the unsubscribe link within each email, or emailing us at security@eva.global to have your contact information removed from our promotional email list or registration database.

 

Non-customers:

If you wish to access your personal data, wish to have your personal data removed or want to use any of the other rights mentioned above, please contact security@eva.global.

 

Security of your information

We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use, or disclosure. Our Services have security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. When our Services are accessed using a supported browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that data are safe, secure, and available only to you. EVA Global also implements a security method based on dynamic data and encoded session identifications, and hosts the website in a server environment designed to be secure and that uses a firewall and other technology designed to prevent interference or access from outside intruders. EVA Global provides unique user names and passwords that must be entered each time a customer logs in to our Services. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of personal data.

 

Sensitive Information

Our purposes of processing your personal data (as described above) do not necessitate collecting and processing of any sensitive information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). We kindly ask you to not send any sensitive information on or through our Services or via any other means as this poses unnecessary risks to your privacy.

 

Changes to Privacy Statement

We may modify and revise this Privacy Statement from time to time if this is necessary for example due to changes in the Services. If we make any material changes to this Privacy Statement, we’ll notify you of such changes by email or other appropriate mode of communication.

 

Contacting Us

Please contact us at security@eva.global if you have any questions about our Privacy Policy.

 

Data Security and Business Continuity Statement

EVA Global considers that the security of the data of its customers and users is a fundamental pillar to be a trusted partner in eMobility in its services of management of charging infrastructure and attention to drivers. The entire organization works to guarantee the confidentiality, integrity and availability of the data it processes, in accordance with the Information Security Management System according to ISO/IEC 27001, with special attention to personal data in accordance with the Information Privacy Security Management System according to ISO/IEC 27701.

 

EVA Global wants to be a benchmark in the sector, for which it is strategic to exceed the expectations of its customers and users. Therefore, it considers it essential to guarantee, in the event of any disruptive incident, its ability to adequately meet the services requested. The entire organization is prepared for the management and response to disruptions, through the Business Continuity Management system according to ISO 22301.

 

To achieve this, EVA Global is committed to complying with all the information security and business continuity requirements that are applicable to it, continuously improving its Information Security and Privacy Management System and Business Continuity Management System.



November 2021