Privacy Policy

Privacy policy

1. Accountability

1.1 One of our top priorities is to protect your personal data, irrespective of whether this data concerns you, your transactions or the products or services you have selected.

1.2 We process personal data in connection with your use of electric vehicle charging stations and our appurtenant Application (Stella’s “App”) and software and therefore, we have adopted this Privacy Policy to inform you how we protect and process your personal data when you download and use our App.

2. Data Controller

2.1 The data Controller with respect to this Privacy Policy is:

Stella - part of Viggo HQ
CVR-nummer 40308350  
Nelson Mandelas Allé 12
DK-2450 København SV  
(“Stella”, “we”, “us” etc.).
W: https://stellaenergy.io  
E: contact@stellaenergy.io  

3. Introduction

3.1 It is important to us that your personal information is kept secure and confidential. We have procedures for collecting, storing, deleting, updating and disclosing personal information to prevent unauthorized access to your personal data and to comply with Applicable law

3.2 This Privacy Policy describes what types of personal data we collect, how we process the personal data and who you can contact if you have any questions or comments with respect to our processing of personal data. This Privacy Policy has been made with reference to the data protection regulation (General Data Protection Regulation (EU) 2016/679 (also known as GDPR)) and the Danish Data Protection Act (Act No. 502 of 23/05/2018) ("Data Protection Act").

4. Categories of personal data and data subjects

4.1 We typically collect and process the following categories of Personal Data:

  • Account Information. To create or update an account, users share details such as an email address, phone number, first name, last name, and/or similar account details. Users may also share billing information, including credit card details, payment or banking information, billing address and choice of payment method. Additionally, users can configure, provide, and enable various account settings and preferences.
  • Company Information. For business customers, such as individuals associated with a company or operating their own business, we may collect details including the company name, company code, country code, contact email, member email, finance email, and company address and any additional information required to verify the company.
  • Usage Information. Users generate data when using our services, including details about purchased products or services, charge point locations, connectors used, charging effect, session start and end times, charging durations, and electricity consumption. We also log the date, time, costs, payment methods, and other relevant information for each charging session.
  • Vehicle Information. Certain services and features require users to provide details about their vehicle, such as its make, model, year, supported connector types and unique identifier.
  • Location Information. Depending on the type of services used and device permissions, we may collect precise or approximate location data via GPS. This information is used to identify nearby charging stations and provide location-specific services.
  • Automatically Generated Information. We may collect information automatically when users interact with our apps:
    • Services Metadata. Metadata is generated during user interactions, offering additional context about how the services are used. For example, we log access dates and times, user interactions such as screen views and button clicks. Users can manage these settings through their account preferences.
    • Log Data. Our servers automatically collect information when users access or use our websites or apps, recording it in log files. This log data may include Internet Protocol (IP) addresses, the web page visited before accessing the website, browser type, settings, the date and time of usage, and information about browser configuration and plugins, language preferences, and cookie data.
    • Device Information. We collect details about devices used to access the services, such as hardware type, make and model, operating system, application version, preferred languages, unique device identifiers, and crash data. The extent of data collected depends on the type of device and its settings.
  • User Content. We collect information submitted by users, such as when they contact customer support, provide ratings, reviews or feedback on charging stations, or engage with us through other channels.
  • Demographic Information. Users may share demographic information by participating in surveys, focus groups, questionnaires, or providing feedback in other ways.
  • Cookie Information. We use cookies and similar technologies on our websites and apps to create and maintain unique identifiers. These tools may collect information about users across other websites and online services.
  • Contact Information. In accordance with the consent process provided by your device, any contact information that a user chooses to import (such as an address book from a device) is collected when using the app.
  • Third Party Information. Stella may receive data about organizations, industries, Website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Customer Data we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
  • Additional Information. We collect user data when individuals interact with our websites or apps, participate in contests, promotions, events, or activities, apply for jobs, engage with us on social media, or communicate with us in other ways.

(hereinafter ”Personal Data”)

4.2 We collect and process Personal Data for the following purposes and for use in the following processing activities:

  • To set up, maintain and administrate the charging station subscription
  • To identify and service users of our App and charging stations
  • To diagnose and repair faults on the charging equipment
  • To register and invoice consumption and/or subscription
  • To ensure operation and maintenance of charging stations
  • To prevent abuse
  • To adapt and develop our products
  • To process and analyse data extracts for use in operations, maintenance and development of existing and future services
  • If the locality function in the App is used, locality data is only processed to ensure the App’s navigational functionality
  • To comply with applicable law

5. Legal basis for processing of Personal Data

5.1 General basis for processing of Personal Data in relation to your use of our App and purchase of services

5.1.1 Our legal basis for processing Personal information lies first and foremost in our relationship with you and in the interest of fulfilling and administrating the agreement(s) we have entered with you.

5.1.2 As a rule, we will have the right to process the necessary Personal Data in accordance with Article 6 (1), points a-c and point f, and, under the circumstances, with Article 9 (2), points a and f of the data protection regulation and sections 6 and 7 (1) of the Data Protection Act.

5.1.3 The above provisions govern the basis for processing Personal Data if (i) consent has been provided by the data subject, (ii) the processing is necessary to perform our services under a lease contract, (iii) the processing is necessary to comply with a legal obligation, (iv) the processing is necessary to fulfil essential interests that exceed the interests of the data subject, or (v) the processing is necessary for a legal claim to be established; claimed or defended.

5.1.4 It is our assessment that the personal data we process in relation to a customer will largely be based on Article 6 (1), points b and f of the data protection regulation and section 6 (1) under the Data Protection Act. However, any processing of locality data from the App is only carried out upon the user’s consent, cf. below.

5.2 Locality data

5.2.1 Collection of locality data is vital to the functionality of Stellas App. If the locality function is not accepted, the customer cannot receive information about the location of charging stations via the App.

5.2.2 Stella requests the customer’s consent to use locality data via the Stella App. The user may at any time switch off this access under settings for the Stella App. If Stella’s App is deleted, all stored information is deleted with it.

5.3 Legal basis for processing of Personal Data in relation to marketing purposes

5.3.1 In connection with marketing purposes, the processing of Personal Data is primarily based on Article 6, (1) point f of the data protection regulation and section 6 (1) of the Data Protection Act.

5.3.2 If the processing of Personal Data is based on consent, e.g. through subscribing to marketing material or newsletters from Stella, our legal basis is Article 6 (1), point a of the data protection regulation, and section 6 (1) under the Data Protection Act.

6. Your rights

6.1 You have certain rights with respect to the Personal Data that Stella processes about you. You have the following rights:

  • A Right to insight is the right to now if your Personal Data is processed and, if so, the right to obtain a copy of the Personal Data.
  • B Right to data portability is the right to receive Personal Data about yourself that

you have given to Stella.

  • C Right to rectification is the right to correct wrong Personal Data
  • D Right of deletion / right to be 'forgotten' is the right to have, with certain

restrictions, your Personal Data deleted without undue delay.

  • E Right to object is the right to object to our processing of your Personal Data.
  • F Right to restrict processing of Personal Data is the right to restrict handling of

Personal Data, e.g. if a request for deleting of data cannot be granted.

7. General data processing principles

7.1 Data processing principles

7.1.1 We will process the data subject’s Personal Data lawfully, fairly and in a transparent manner.

7.1.2 Our processing of Personal Data is subject to a purpose limitation, which means that Personal Data must be collected for explicitly stated and legitimate purposes. They may not be further treated in a manner incompatible with those purposes.

7.1.3 We process Personal Data based on a principle of data minimization, which means that it must be sufficient, relevant and limited to what is necessary for the purposes for which it is processed.

7.1.4 Personal Data must be processed based on a principle of accuracy, which means that it must be correct and, if necessary, up to date.

7.1.5 We process Personal Data based on a retention-limit principle, which means that Personal Data must be stored in such a way that it is not possible to identify the data subjects for longer than required for the purposes for which the Personal Data is processed.

7.1.6 Personal Data must be processed based on a principle of integrity and confidentiality, which means that it must be processed in a way that ensures adequate security of the Personal Data, including protection from unauthorized or unlawful processing and from accidental loss, destruction or damage, using appropriate technical or organizational measures.

7.2 Risk analysis

7.2.1 During our case process, we must carry out the technical and organisational measures to ensure a level of security that fits the risks specifically associated with our processing of Personal Data.

7.2.2 We have carried out a risk analysis which underlies this Privacy Policy

7.3 Duty to inform

7.3.1 All customer agreements relating to the download of our App contain a reference to this Privacy Policy which describes our collection and processing of the customers’ Personal Data. This Privacy Policy is also available on our website: https://stellaenergy.io/privacy-policy.

7.3.2 Stella’s App is based on software from third parties and therefore, we also refer to the relevant policies for our partners and suppliers. Please see Stella’s App for information about Stella’s partners.

7.4 Data Processing Agreements

7.4.1 If we are data Controllers and have considered that a data processing structure exists for one of our suppliers, we will prepare a so-called “Data Processing Agreement” with the supplier.

7.4.2 The Data Processing Agreement shall be entered between us (as the “Controller”) and the supplier (as the “Data Processor”) and shall comply with the applicable requirements for data process agreements as referred to in Article 28 (3) of the data protection regulation. This implies drawing up a contract or other legal document binding on the Data Processor. It is also a requirement that the Data Processing Agreement be in writing, including electronically.

7.4.3 In addition, the data protection regulation sets several specific requirements for the content of the Data Processing Agreement. The agreement must include information on the status and duration of the processing, the nature and objectives of the processing, the type of Personal Data, categorization of data subjects and our obligations and rights as Controller, as well as the duties of the Data Processor in relation to carrying out the processing on our behalf.

8. Transfer of Personal Data to third countries

8.1 Stella's treatment of Personal Data will predominantly take place within the EU.

8.2 If it is necessary to transfer Personal Data to a third country or international organization located outside the EU/EEA, we shall ensure prior to the transfer of Personal Data to the third country or international organization that the transfer of Personal Data is carried out in a manner that constitutes sufficient guarantee that the Personal Data is protected, including in certain cases the use of the EU Commission's standard data protection contract provisions. We will, prior to any such transfer, assess if the Personal Data is granted a level of protection essentially equivalent to that guaranteed by the GDPR and the EU Charter of Fundamental Rights (CFR) – if necessary with additional measures to compensate for lack in protection of third country legal systems.

9. Security measures

9.1 We have taken the necessary technical and organizational security measures to protect your Personal Data from accidental or unlawful destruction, loss or change and from unauthorized public disclosure, misuse or other conduct in violation of applicable law.

9.2 Access to Personal Data is limited to persons who have a need for access to Personal Data. Employees who process Personal Data are instructed and trained to know what to do with Personal Data and how to protect Personal Data.

9.3 When using an external data processor to process Personal Data, a written agreement is signed between us and the Data Processor, which also imposes a duty on the Data Processor to carry out the necessary technical and organisational security measures to protect your Personal Data.

10. Retention periods and deletion

10.1 When do we delete your Personal Data?

10.1.1 Upon termination of the contractual relationship with a customer, we will generally delete the Personal Data from the customer relationship as soon as it is no longer necessary to retain the Applicable Personal Data.

10.1.2 However, a number of considerations and special rules mean that Personal Data cannot or should not always be deleted before a certain time has passed.

10.1.3 Therefore, we always carry out a specific evaluation to determine how long Personal Data should be stored before being deleted.

10.1.4 Bookkeeping rules mean that Personal Data related to a payment must be stored for 5 years plus the current calendar year after the end of the financial year.

10.1.5 The fact that we may protect your or our interests through possible liability may involve the retention of Personal Data for 3 years (or in exceptional circumstances for a longer period) after the end of our relationship with the customer or supplier. However - to ensure the logical synergy with the financial processing of information - the customer’s basic data is stored for up to 5 years after the end of the customer relationship.

10.1.6 If Personal Data is obtained based on your consent, we will in principle delete the Personal Data obtained based on consent immediately after you withdraw your consent. However, we are obliged to keep the documentation, stating that we lawfully asked for your consent, for 2 years from the latest marketing material sent to you. Generally, a recall of consent does not affect our processing of Personal Data, which is based on grounds other than your consent, e.g. if the continued processing of the Personal Data is necessary in order for us to comply with legal obligations, to which Stella is subjected.

10.1.7 Contact information in our CRM-system is deleted and updated on an ongoing basis. However, emails which may be relevant to the determination of a legal claim are stored for up to 3 years and then deleted unless there is an obvious risk that a legal claim will be filed against or is considered being filed by Stella.

10.2 How do we delete your Personal Data?

10.2.1 Deletion of Personal Data means that Personal Data is irrevocably removed from all storage media on which it has been stored and that Personal Data cannot be restored in any way.

10.2.2 Alternatively, Personal Data can be completely anonymized with the effect that it can no longer be assigned to a person. In that case, the regulation of Personal Data does not Apply at all and complete anonymization is therefore an alternative to deletion.

11. Direct Marketing

11.1 We inform Customers about new product features, promotional communications or other news about Stella by sending an email, SMS message or push notification. We will only use your email address and/or phone number to send direct marketing messages if you have given us permission to do so via the Website or via the Stella App. We may personalise direct marketing messages using Customer Data.

11.2 You can control whether you want to receive these direct marketing messages through the settings in Stella App or by clicking the “Unsubscribe” link in the footer of our email.

12. Changes to this Privacy Policy

12.1 Stella may change this Privacy Policy at any time and with future effect. In the event of such changes, our users are informed on https://stellaenergy.io. Our new privacy policy will subsequently apply when using our App and charging stations.

13. Contact information

13.1 If you have any questions about this Privacy Policy, our processing of Personal Data, rectification or your relationship with us in any other way, you may contact us at the following email address: contact@stellaenergy.io and via our website https://stellaenergy.io

14. Data Protection Agency

14.1 You can complain to the Danish Data Protection Agency (in Danish: “Datatilsynet”) regarding Stella's processing of your Personal Data:

Datatilsynet  
Borgergade 28, 5.
1300 Copenhagen K  
Phone: +45 3319 3200
Email: dt@datatilsynet.dk
www.datatilsynet.dk