Privacy Policy

PREAMBLE

DRIVECO designs and develops complete charging solutions for electric vehicles. Within its set of activities, DRIVECO edits a website accessible at the address www.driveco.com (hereinafter “Website”). We assign the greatest importance to respecting the private life and to data of personal nature of the persons agreeing to exchange it with us through the Website or through other means.

Therefore, we put in place technical and organizational measures implemented so that your personal data will be handled conforming with the current regulations (in particular the General Data Protection Regulation n° 2016/679 of 27 April 2016 (hereinafter “GDPR”) and the Law for Information Systems and Freedoms of 6 January 1978 modified).

The terms “data” or “personal data” used in the current charter have the same meaning as that attributed to the term “data of personal nature” in the GDPR. The other common terms between the charter and GDPR, specifically the terms “processor”, “processing owner”, “subcontractor”, or even “recipient” have the meaning attributed to them in GDPR.

The purpose of this charter is to inform you in a clear and transparent manner about :

How we process your personal data and the rights you have in this regard ;
The use of cookies on our Website.

Aware of the importance of clear and transparent information in this domain, we have included various tables to help you better understand our practices regarding the management of your personal data and to facilitate the exercise of your rights.

We apply the principle of minimizing data, of protection of data by design and by default. Consequently, we collect only information that is relevant, adequate and limited to what is necessary in relation to the purposes for which the data is collected and processed.

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA ?

The owner of processing is, as defined by GDPR, the person who determines the purpose and the means of processing of data, in other words for which usage and in what manner your personal data is processed.

The owner of processing your data is the company DRIVECO.

We have appointed a Data Protection Officer (“DPO”) who will be your main point of contact for all questions relating to the protection of your personal data. You can contact them by e-mail at dibbdpo@dibb.fr

You can contact them for all your questions, request for information or complaints.

2. WHICH PERSONAL DATA DO WE COLLECT AND HOW ?

2.1 The data collected

Identification and contact data : we process the data necessary to contact you and to process your request. This data includes your e-mail, your last and first name and phone number.
Connection data : If you have subscribed to a registered account, when you connect to your personal space, we process the data allowing us to be identify you in order to deliver our services to you. This data includes your authentication data (e-mail, password), the date of your latest connection, the history of our exchanges and your interactions with the Website, the date of online acceptance of the current charter and of our T&Cs…
Navigation data of the users of the Website : when you browse the Website, a certain amount of data is collected related to your device (computer, smartphone, tablet), your browser, the pages and the content you consult. This data may include directly or indirectly identifying data such as, for example, your IP address or a unique identifier linked to your device, your operating system, software or other.
Data of our customers or prospects : we process the data necessary to make a commercial contact to respond to their request, present our service offers and the subsequent management of our business relationships with our customers.
Data of our service providers : we process the data necessary and relevant to managing our relationships with our service providers.
Data of our employees : we process the data necessary and relevant to the management of our working relationships with our employees. The procedures for processing this data are detailed elsewhere in the documents organizing our working relations with our employees.
Data of users: we process the data needed for charging vehicles at the charging stations which we are responsible for operating.

2.2 Methods for collecting your data

Collection via the Website : we process the data that you voluntarily communicate to us via the form fields provided for this purpose on the Website to contact you again.
Collection of data publicly accessible (information related to our potential customers) via professional social networks (LinkedIn, etc.) or via other sources of public information.

Use of cookies or other trackers :

We use connection trackers called “cookies” or other types of “trackers” on our Website. A cookie is an electronic file stored in your device (computer, tablet, smartphone, etc.) and associated with the Website. This file is automatically resent during subsequent contacts with the Website.

By browsing this Website, cookies from us and/or third-party companies may be placed on your device.

During the first navigation on this Website, an explanatory banner on the use of cookies will appear and allow you to configure your choices.

We use different types of cookies that are usually set in response to actions you have taken and that constitute a request for services, such as setting your privacy preferences, connecting or filling in forms. They make it possible to record information between several consultations of the Website on the same device.

These cookies are necessary for the operation of the Website and do not require your consent. Therefore they are automatically stored in your device. The refusal of these cookies is likely to affect the operation of the Website and the quality of your browsing experience.

“Statistical” or audience measurement cookies :

These cookies allow us to evaluate your actions on the Website in order to assess the frequency and volume of visitors and to improve the operation and ergonomics of the Website. These cookies can be “internal” (i.e. stored by us) or “third party” (when stored by third parties).

Your consent is requested prior to storing these cookies, at the time of your first connection, by means of a checkbox on our cookie banner (except when the cookie is strictly necessary for the functioning and the day-to-day administration of the Website).

Personalization of content / Advertisement cookies :

We may use advertisement cookies. If necessary, these cookies allow us to offer you content that is adapted to your preferences and interests in terms of products and services, depending, in particular, on your navigation.

Your consent is requested prior to storing these cookies, i.e. at the time of your first connection, by means of a checkbox on our cookie banner.

3. WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING OF PERSONAL DATA THAT WE IMPLEMENT ?

Type of data	Processing purpose	Legal basis
Identification and contact data	Contact / prospecting.	Legitimate interest GDPR, article 6.1.f)
Identification and contact data	Send newsletters.	Consent GDPR, article 6.1.a)
Connection data	Identification of the person connected for the management of our interactions with you through the Website.	Contract execution GDPR, article 6.1.b)
Navigation data including data directly or indirectly identifying.	Offering a functional, secure Website adapted to the different types of devices and browsers on the market.	Legitimate interest GDPR, article 6.1.f)
	Statistics and audience measurement	Consent GDPR, article 6.1.a)]
	Advertising / personalized content	Consent GDPR, article 6.1.a)]
Applicants data	Data communicated by applicant :	Consent GDPR, article 6.1.a)]
Applicants data	Management of applications and storage of applications in a database	Consent GDPR, article 6.1.a)]
Prospects data	Prospecting: identifying new potential customers and presenting our service offer	Legitimate interestGDPR, article 6.1.f)]
Prospects data	Data collected through public information sources.	Legitimate interestGDPR, article 6.1.f)]
Customer data	Management of our relationships in the context of providing services.	Contract execution GDPR, article 6.1.b)
Employee data	Management of our working relationships.	Contract execution GDPR, article 6.1.b)
Supplier data	Execution of the service contract.	Contract execution GDPR, article 6.1.b)
User data	Execution of the electric vehicle charging contract	Contract execution GDPR, article 6.1.b)

4. WHAT SECURITY MEASURES DO WE IMPLEMENT TO PROTECT YOUR PERSONAL DATA ?

We implement the appropriate technical and organizational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access to this data.

We also control how our service providers process your personal data so that the latter provide sufficient guarantees as to the implementation of appropriate data security measures.

5. HOW LONG DO WE KEEP YOUR DATA ?

Personal data is kept for the duration necessary to achieve the purposes for which it is collected, as described in article 3, increased by the duration of the legal requirements.

The main retention periods are the following :

Retention period for personal data :
Data related to applicants: time required to process active applications and, in the event of a negative outcome, 2 years from the last contact with the applicant;
Data related to customers: duration of the contractual relationship, increased by 5 years, including 3 years for commercial prospecting purposes ;
Data related to prospects : 3 years from the last contact with us (subject to the absence of opposition from the prospect when making contact)
Data related to partners : duration of the contractual relationship, increased by 5 years
Data related to users: duration of the contractual relationship, increased by 5 years
Documents and accounting records : 10 years ;
Data necessary for managing litigation : 5 years (legally applicable limitation period).

6. WHAT ARE YOUR RIGHTS ?

You have a number of rights over your data, which you can exercise under the conditions provided for in the GDPR. Please check the summary below.

Your rights	Purpose
Right to access GDPR, article 15	Obtain a readable and understandable copy of the data we have concerning you, as well as a copy of this charter on a durable medium.
Right to correction GDPR, article 16	Obtain the correction, updating or completion of data concerning you.
Right to withdraw consent GDPR, article 7, 3.	Obtain, for the future, the cessation of the processing of the data for which you have given consent for processing.
Right of opposition GDPR, article 21	Obtain, for the future, the cessation of the processing of your data when this processing is based on our legitimate interest or that of a third party (subject in particular to legitimate and compelling reasons) or when your data is used for commercial prospecting purposes.
Right to erasure (right to be forgotten) GDPR, article 17	Obtain the deletion of all or part of your data, or their complete and irreversible anonymization, under certain conditions (in particular if you believe that the data is no longer necessary, if you have withdrawn your consent or if you believe that your data is object of unlawful processing). In this case, we may nevertheless be required to keep certain data to meet our legal obligations or to assert our rights in court.
Right to restriction of processing GDPR, article 18	Obtain the retention of your data without further use (for example if you believe that the data is no longer necessary or is subject to unlawful processing). In this case, your data is temporarily segregated and is no longer used (subject to our legal obligations or the exercise of our legal rights).
Right to data portability GDPR, article 20	Obtain a copy of the data you have provided to us in a reusable computer format to transfer it to another data processing owner.
Right to set post-mortem directives	You indicate to us how you want us to process your data in the event of your death.

You can exercise these rights at any time and free of charge, except in the case of manifestly unfounded or excessive requests (in particular due to their repetitive nature). In this exceptional case we reserve the right, in accordance with the provisions of the GDPR (Article 12, 5), to demand the payment of reasonable costs or to refuse your request.

You can exercise your rights by contacting our data protection officer electronically at: dibbdpo@dibb.fr

If you feel that we have not responded satisfactorily to your request, you can contact the National Commission for Information Technology and Freedoms (CNIL), via its website www.cnil.fr or by mail at the following address: CNIL – 3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

7. WHO HAS ACCESS TO YOUR DATA ?

Some of your data may be viewed, or at least hosted by the following people:

Our authorized personnel ;
Our technical subcontractors providing services involved in the operation of the Website and/or the achievement of the purposes described in article 3 above ;
Our legal services providers (jurists, lawyers), chartered accountants or other consultants
Our payment services providers and banking institutions
…

All the recipients of your data are located within the European Union (hereinafter “EU”). Your personal data will not be transferred to recipients located outside the EU or the European Economic Area.

8. MODIFICATIONS

This charter may be subject to updates. In the event of significant modifications, we will inform you, by means of information placed prominently on the Website, before making these modifications. In other cases, the previous charter will be replaced by the new version which will be immediately enforceable against you. We invite you to regularly consult this page in this regard.