Privacy Policy

As part of its activities, DRIVECO publishes a website accessible at driveco.com (hereinafter the “Site“) which includes a section dedicated to accessing and paying for the recharging service provided by the charging stations that are part of the DRIVECO’s network (the “Recharging Portal“), as well as several mobile applications available on the Android and iOS platforms (the “Mobile Applications“).

We attach the greatest importance to respecting the privacy and personal data of persons who interact with us via the Site, the Mobile Applications, or by any other means. Thus, we implement appropriate technical and organizational measures to ensure that your personal data is processed in accordance with the regulations in force (in particular the General Data Protection Regulation No. 2016/679 of 27 April 2016 (hereinafter “GDPR”) and the French Data Protection Act of 6 January 1978 as amended).

The terms “data” or “personal data” used in this document have the same meaning as the term “personal data” in the GDPR. Other terms common to this document and the GDPR, such as “processing“, “controller“, “processor“, or “recipient” have the meaning given to them in the GDPR.

The purpose of this document is to inform you in a clear and transparent way about:

How we process your personal data and what rights you have in this regard;
The use of cookies on our Site.

Aware of the importance of clear and transparent information in this area, we have integrated various tables to help you better understand our practices regarding the management of your personal data and facilitate the exercise of your rights.

We apply the principles of data minimization, data protection by design and by default.

Consequently, we only collect information that is relevant, adequate and limited to what is necessary for the purposes for which the data is collected and processed.

1. WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA?

The data controller is, within the meaning of the GDPR, the person who determines the purposes and means of the data processing, i.e. for what purpose(s) and in what way your personal data are processed.

The person responsible for processing your data is DRIVECO, a simplified joint stock company registered in the Bastia trade and companies register under number 818 943 938.

We have appointed a Data Protection Officer (“DPO”) who will be your privileged contact for all questions relating to the protection of your personal data. You can contact the DPO by e-mail at dibbdpo@dibb.fr

2. WHAT PERSONAL DATA DO WE COLLECT AND HOW?

2.1 Data collected

Identification and contact data: we process the data necessary to contact you and process your request for information. This data includes your email address, your name and phone number.

Identification, connection and payment data on the Mobile Applications: we process data allowing you to create a user account on the Mobile Applications and connect to your user account on the Mobile Applications. This data includes your identification data (email address, password), the date of your last connection, the last date of acceptance of the legal terms and conditions (general conditions of use, general conditions of sale, privacy policy). You can also enter your credit card number in your user account in order to facilitate payment of the recharge service; this number is processed securely by our partner (INGENICO) and is not kept by DRIVECO. Finally, you can also associate a badge number with your user account.

Identification and payment data for the provision of the recharge service via the Recharge Portal: in order to allow you to access the recharge service and proceed with its payment via the Recharge Portal, you must enter several personal data such as your email address and your bank card number when the recharge service is subject to a fee; this number is processed securely by our partner (INGENICO) and is not kept by DRIVECO.

Browsing data of the users of the Site: when you browse the Site, a certain amount of data is collected concerning your terminal (computer, smartphone, tablet), your browser, the pages and the content that you consult. This data may include directly or indirectly identifying data such as, for example, your IP address or a unique identifier linked to your terminal, operating system, software or other.

Customers and prospects data: we process the data necessary to make commercial contact in order to respond to their request, to present our service offers and to subsequently manage our business relations with our customers and prospects. This data includes in particular e-mail addresses, your name and telephone numbers.

Business partners Data: We process data that is necessary and relevant to the management of our relationships with our business partners. This data includes email addresses, your first and last name and telephone numbers.

Candidate data: we process personal data that you provide to us in the context of your responses to our job and internship offers. This data may include your e-mail address, first and last name, telephone number and curriculum vitae.

Employee data: we process the data necessary and relevant to the management of our working relationship with our employees. The methods of processing this data are detailed in the documents organizing our working relationship with our employees.

2.2 How we collect your data :

Collection via the Site (forms): we process the data that you voluntarily communicate to us via the form fields provided for this purpose on the Site. Required fields are marked with an asterisk. If you do not provide this information, you will not be able to send us your message.

Collection via the Mobile Applications: we process the data you provide via the form fields provided for this purpose on the Mobile Applications. Required fields are marked with an asterisk. If you do not provide this information, you will not be able to use the functionality associated with the form.

Collection via the Recharging Portal: we process the data that you voluntarily communicate to us via the form fields provided for this purpose on our Recharging Portal, allowing you to access the recharge service and, if applicable, to proceed with its payment. Required fields are marked with an asterisk. If you do not provide this information, you will not be able to access the recharge service.

Use of cookies or other tracers on the Site: We use cookies or other types of “trackers” on our Site. A cookie is an electronic file stored in your terminal (computer, tablet, smartphone…) and associated with the Site. This file is automatically sent back during subsequent contacts with the Site. When you browse this Site, cookies from us and/or third-party companies may be placed on your terminal. The first time you browse this Site, a banner explaining the use of cookies will appear and will allow you to configure your choices. We use different types of cookies generally set as a response to actions you have taken that constitute a request for services, such as setting your privacy preferences, logging in, or filling out forms. They allow us to record information between several visits to the Site on the same device. These cookies are necessary for the operation of the Site and do not require your consent. They are therefore deposited automatically on your terminal. The refusal of these cookies is likely to affect the functioning of the Site and the quality of your browsing experience. “Statistical” or audience measurement cookies: These cookies allow us to evaluate your actions on the Site in order to assess the frequency and volume of visitors and to improve the functioning and ergonomics of the Site. These cookies may be “internal” (i.e., deposited by us) or “third party” (when deposited by third parties). Your agreement is requested prior to the deposit of these cookies, i.e. at the time of your first connection, by means of a box to be checked on our cookies banner (except when the cookie is strictly necessary for the functioning and the current administration operations of the Site).

Collection of publicly available data (information about our potential customers) via professional social networks (LinkedIn, etc.) or other public sources of information.

Direct collection: we process the data you send us directly by any means (email, mail).

3. WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PERSONAL DATA PROCESSING THAT WE IMPLEMENT?

Type of data	Purpose of the processing	Legal basis
Identification and contact data	Making contact / prospecting.	Legitimate interest GDPR, Article 6.1.f)
	Sending of newsletters.	Consent GPDR, article 6.1.a)
	Sending commercial communications (promotional offers, coupons, contests, etc.).	Consent GPDR, article 6.1.a)
Identification, connection and payment data on Mobile Applications	Access to the functionalities offered by the Mobile Applications, and in particular the possibility of creating a user account. Provision and management of the recharge service.	Execution of the contract GDPR, article 6.1.b)
Identification and payment data for the provision of the recharging service (Recharging Portal)	Provision and management of the recharge service.	Execution of the contract GDPR, article 6.1.b)
Browsing data of the users of the Site	Provision of a functional, secure Site adapted to the different types of terminals and browsers present on the market.	Legitimate interest GDPR, Article 6.1.f)
Browsing data of the users of the Site	Statistics and audience measurement.	Consent GPDR, article 6.1.a)
Prospects data	Prospecting: identify potential new clients and present our service offers Data collected via public information sources.	Legitimate interest GDPR, Article 6.1.f)
Customers data	Management of our relationship in the provision of the services.	Execution of the contract GDPR, article 6.1.b)
Business partners data	Performance of the service contract.	Execution of the contract GDPR, article 6.1.b)
Candidate data	Management of applications and storage of applications in a database.	Consent GPDR, article 6.1.a)
Employee data	Management of our working relationships.	Execution of the contract GDPR, article 6.1.b)

4. WHAT SECURITY MEASURES DO WE IMPLEMENT TO PROTECT YOUR PERSONAL DATA?

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access.

We also monitor the way our service providers process your personal data to ensure that they provide sufficient guarantees that appropriate data security measures are in place.

5. HOW LONG DO WE KEEP YOUR DATA?

Personal data are kept for the period necessary to achieve the purposes for which they are collected, as described in Article 3, plus the duration of the legal requirements.

The main retention periods are the following:

Data relating to users of the recharging service: duration of the contractual relationship, increased by 5 years. Invoices are kept for 10 years following the year in which they were issued;
Data relating to prospects: 3 years from the last contact with us (subject to the absence of opposition from the prospect at the time of contact);
Customer data: duration of the contractual relationship, increased by 5 years, of which 3 years for commercial prospecting purposes;
Business partner data: duration of the contractual relationship, increased by 5 years;
Candidate data: necessary to process active applications and, in case of negative outcome, 2 years from the last contact with the candidate;
Documents and accounting records: 10 years;
Data necessary for the management of disputes: 5 years (legally applicable limitation period).

6. WHAT ARE YOUR RIGHTS?

You have a number of rights over your data, which you can exercise under the conditions set out in the GDPR. You will find below a summary of these rights.

Your rights	Purposes
Right of access GDPR, Article 15	Obtain a readable and understandable copy of the data we have about you, as well as a copy of this document in a durable medium.
Right of rectification GDPR, Article 16	Obtain the rectification, update or completion of data concerning you.
Right to withdraw consent GDPR, Article 7, 3.	To obtain, for the future, the cessation of the processing of the data for which you have consented to the processing.
Right to object GDPR, Article 21	To obtain, for the future, the cessation of the processing of your data when this processing is based on our legitimate interest or that of a third party (subject in particular to legitimate and compelling reasons) or when your data is used for commercial prospecting purposes.
Right to erasure (right to be forgotten) GDPR, Article 17	Obtain the deletion of all or part of your data, or their complete and irreversible anonymization, under certain conditions (in particular if you consider that the data are no longer necessary, if you have withdrawn your consent or if you consider that your data are the subject of an illicit processing). In this case, we may nevertheless need to retain certain data to meet our legal obligations or to enforce our legal rights.
Right to limit processing GDPR, Article 18	Obtaining the retention of your data without further use (e.g. if you believe that the data is no longer needed or is being processed unlawfully). In this case, your data is temporarily isolated and no longer used (subject to our legal obligations or the exercise of our legal rights).
Right to data portability GDPR, Article 20	Obtain a copy of the data you have provided to us in a reusable computer format for transfer to another data controller.
Right to define post-mortem directives	Tell us how you want us to handle your data in the event of your death.

You may exercise these rights at any time and free of charge, except in the case of manifestly unfounded or excessive requests (in particular because of their repetitive nature). In this exceptional case we reserve the right, in accordance with the provisions of the GDPR (Article 12, 5)), to require payment of a reasonable fee or to refuse your request.

You can exercise your rights by contacting our Data Protection Officer electronically at: dibbdpo@dibb.fr

If you feel that we have not responded satisfactorily to your request, you can contact the Commission Nationale de l’Informatique et des Libertés (CNIL), via its website www.cnil.fr or by post at the following address CNIL – 3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

7. WHO HAS ACCESS TO YOUR DATA?

Some of your data may be accessed, or at least hosted, by the following people:

Our authorized personnel;
Our subcontractors and technical service providers providing services that contribute to the operation of the Site, the Mobile Applications and/or the achievement of the purposes described in Article 3 above;
Our legal service providers (jurists, lawyers), accountants or other consultants;
Our payment service providers and banking institutions;
Owners or operators of charging stations (user data of the relevant charging service);
Our business partners.

Your personal data will not be transferred to recipients outside the European Union (hereafter “EU”) or the European Economic Area (hereinafter “EEA”).

In the event that we process your data outside the EU and the EEA, we undertake to implement the necessary measures to ensure the protection of your data, in particular through the implementation of the European Union’s standard contractual clauses approved by the European Union Commission.

8. MODIFICATIONS

The present document is subject to updates. We invite you to consult this page regularly in this regard.