By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Privacy Policy / Data Privacy

For the use of Charging Services

Version: 24.07.2024

Your privacy is important to us. In order to protect your privacy, weprovide you with the following information about how we process your personaldata when using the TURBOVOLT Charging Services.

We process your personal data solely on the basis of legal requirements, in particular the General Data Protection Regulation ("GDPR"), relevant national data protection laws (“DSG”).

For better understanding, we would like to explain the most important GDPR terms according to their legal definition:

  • Personal data: Any information relating to an identified or identifiable natural person("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval,consultation, use, disclosure by transmission, dissemination or otherwisemaking available, alignment or combination, restriction, erasure or destruction.
  • Data subject: The person whose personal data are processed.
  • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personaldata.
  •  Processor:  Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Consent (of the data subject): Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Who is the controller of the data processing activity and whom can I contact?

  • 1.1 TURBOVOLT GmbH, Iglaseegasse 62, 1190Wien (hereafter as "TURBOVOLT", "we", “our","us") is the data controller within the meaning of Art. 4para. 7 GDPR with regard to the processing of your personal data when using our charging services.
  • 1.2 You can reach us at:
  • TURBOVOLTGmbH
  • Tuchlauben7A
  • 1010Vienna
  • [email protected]
  • 1.3 You can reach our person responsible for data protection issues at +43 676 595 9459 or at the above address adding "Data protection" / "for the attention of AnitaTatalovic".
  • 1.4 If you have any questions regarding the processing of your personal data or if you wish to exercise any rights under the GDPR, please contact us as described above under point 1.3.

2. Forwhat purposes and on what legal basis is your personal data processed?

  • 2.1 Use of our charging services via the payment terminal
  • 2.1.1       When you use the payment terminals to start a charging session you need to authorize the payment by using a bank card (credit or debit card). The data of the provided bank card will then be processed in order to ensure that there is sufficient funds for the charging session (pre-authorization). Within the scope of the authorization, the card data provided by you will be transmitted to the payment service provider of your card in order to carry out the (pre-) authorization of the payment. After the completion of the charging session, we will make an invoice available to you, which you can access via the steps described in point2.1.2 below, in which the purchased charging service, the amount of energy transferred, and the charging price, including the legally owed VAT, are set out. This processing of your personal data is necessary for the performance of a contract. The legal basis is Art. 6 para. 1 lit. b GDPR. If you do not provide the aforementioned data, you will not be able to use our charging services.
  • 2.1.2 To access and download your invoice after the end of the charging session, you must eitherscan the appropriate QR code, provided on the charger and the payment terminal,and i) input the date of the charging session and ii) last four digits of the bank card used for the payment of the charging session or visit the webpage https://www.enio.at/etsweb3/?lang=en&provider=turbovolt and i) input the date of the charging session and ii) last four digits of the bank card used for the payment of the charging session to get access to the charging session invoice. The data provided, in particular the last four digits of the bankcard, are required in order to be able to correctly allocate the respective charging session and to search for and prepare the corresponding invoice. The legal basis is Art. 6 para. 1 lit b GDPR. If you do not provide the aforementioned data, we will not be able to provide this billing service.
  • 2.2 Use of our charging services via thepayment website
  • 2.2.1 When you authorize the charging of your vehicle you can scan the QR code provided at the charging point. By clicking on the QR code link, you will be forwarded to a payment website (“ETSWeb”) where details about the charger and price is displayed. When you open this website, personal data such as your IP address and date and time of access is transmitted to us. This data processing is necessary to make the website available on the device you are using, thus for the performance of the contract. The legal basis is Art. 6para. 1 lit. b GDPR. If you do not provide the aforementioned data, you will not be able to use our charging services. The ETSWeb page uses the following cookies and data:

 Cookie name

 Category

 Duration/

 Expiration

 Purpose/Description

 Type

 Domain

Third Parties’ privacy notice

 captcha

 Technical

 1 Day

Used in order to detect spam and improve the website's security.

 

 

 

 CookieConsent

 Technical

 1 Year

Stores the user's cookie consent state for the current domain.

First-party

 

 N/A

 JSESSIONID

 Technical

 Session

Identifies the browsing user's session in order to keep it active for the duration of the visit (preserving users states across page requests). It does not contain logged-in/unlogged-out user’s information.

 First-party

 

 N/A

 browserTitel

 Technical

 10 years

Used in order to curate the visual appearance and overall experience of the website, including elements such as design, layout, colours, graphics, and usability.

 First Party

 

 

 css

 Technical

 10 years

Used in order to curate the visual appearance and overall experience of the website, including elements such as design, layout, colours, graphics, and usability.

 First Party

 

 

 logo

 Technical

 10 Years

Used in order to curate the visual appearance and overall experience of the website, including elements such as design, layout, colours, graphics, and usability.

First Party

 

 

 newLayout

 Technical

10 Years

 Used in order to curate   the visual appearance and overall experience of the website, including elements such as design, layout, colours, graphics, and usability.

 First Party

 

 

 %20orderReference%20 

 Technical

 10 Years

 Defines direct payment   provider and returned   order reference.

 

 

 

 Provider

 Technical

 10 years

 Show the contents of   privacy policy / terms and   conditions.

 First Party

 

 

2.2.1 When continuing with payment, you will be forwarded to a payment page, where you will be asked to enter your bank card details. The data of the provided bank card will then be processed in order to ensure that the reis sufficient funds for the charging session (pre-authorization). Within the scope of the authorization, the card data provided by you will be transmitted to the payment service provider of your card in order to carry out the (pre-) authorization of the payment. This information is required to fulfil the contract, thus the legal basis is Art. 6 para. 1 lit b GDPR. If you do not provide the aforementioned data, you will not be able to use our charging services.

2.1.1 After the completion of the charging session, to access and download your invoice you must either scan the appropriate QR code, provided on the charger and the payment terminal, and i) input the date of the charging session and ii) last four digits of the bank card used for the payment of the charging session or visit the webpage https://www.enio.at/etsweb3/?lang=en&provider=turbovolt and i) input the date of the charging session and ii) last four digits of the bank card used for the payment of the charging session to get access to the charging session invoice. When you open this website, personal data such as your IP address and date and time of access is transmitted to us. The data provided, in particular the last four digits of the bank card, are required in order to be able to correctly allocate the respective charging session and to search for and prepare the corresponding invoice. The legal basis is Art. 6 para. 1 lit bGDPR. If you do not provide the aforementioned data, we will not be able to provide this billing service.

2.3 Enquiry via contact form, email or telephone

2.4.1 If you send an enquiry to us via the contact form on the website, by email, or if you contact us by telephone, we will process the following personal data to respond to the enquiry in order to fulfil pre-contractual measures, to fulfil the contract(Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interests in being able to process your enquiry (Art. 6 para. 1 lit. f GDPR): Name; email address; content of the enquiry; other information you provide to us voluntary.

2.4.2  The provision of the above information is voluntary. However, if you do not provide certaininformation (such as your email address), we may not be able to process your enquiry.  

2.5    Marketing communication

2.5.1 We send our customers communications (by e-mail) to advertise our services or products("promotional messages"). For this purpose, we process your name, contact details and other information that you provide to us in connection with the receipt of promotional messages. The customer can object to the sending of promotional messages at any time by sending an email to [email protected] will also give you the opportunity to opt out of receiving further promotional messages with each promotional message. The legal basis for sending promotional messages is Section 174 (4) TKG 2021. For users in Croatia, the sending of promotional messages is being done in line with Section 50 (5) of theCroatian Electronic Communications Act and the users can also object to the use of their email for promotional messages at the moment their email address is being collected.

2.5.2 If you voluntarily provide us with your contact details and other data for the purpose of provision ofinformation materials or sending newsletters, we process your data on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent atany time without giving reasons by sending an email to [email protected].

 

2.6 Legal prosecution

2.6.1 If an administrative or judicial dispute arises, the personal data necessary for the appropriate legal prosecution will be processed and, if necessary, transmitted to legal representatives, courts and administrative authorities. In this context, your contact details (name, address) and other data in connection with the legal dispute in question (your behaviour in relation to the use of our services)will be processed. The aforementioned personal data is processed on the basis of our legitimate legal interests in legal prosecution in accordance with Art.6 para. 1 lit. f GDPR and Art. 9 para. 2 lit. f GDPR.

 

3.  Which recipients will receive your personal data?

3.1 We transmit your personal data to third parties as far as this is necessary to provide the requested TURBOVOLT services. Such third parties are in particular First Data GmbH, with registered address in Marienbader Platz 1, 61348Bad Homburg v. d. Höhe, Germany, with company registry number: 14567 (the payment service provider), ENIO GmbH, with registered seat in Geyschlägergasse14, 1150 Vienna Austria, company registry number: 407383 v (the back office provider), and Significo d.o.o., with registered seat in Zagreb (Grad Zagreb), Radnička cesta 80,Croatia, personal identification number: 52435554303 (the customer service provider).

3.2 We transfer your personal data to such processors in accordance with Art. 28 GDPR. We use processors to perform services on our behalf. The processors may only process the personal data provided to them in accordance with our instructions and to the extent necessary to perform the services for us. We contractually require these processors to ensure the confidentiality and security of the personal data they process on our behalf.

3.3 If an administrative or judicial dispute arises, the personal data necessary for the appropriate legal prosecution will be processed and, if necessary, transmitted to legal representatives, courts and administrative authorities. In this context, your contact details (name and email address) and other data in connection with the legal dispute in question (your behavior in relation to the use of our services) will be processed. The aforementioned personal data is processed on the basis of our legitimate legal interests in legal prosecution.

 

4. How long will your personal data be stored?

4.1 We store your personal data for as long as is necessary to provide our services or for aslong as is necessary to pursue or defend against legal claims or to fulfil statutory retention obligations (please see details in this section below).

4.2  In relation to your registration, your personal data will only be stored for as long as isnecessary to fulfil the relevant purpose, in particular as long as for example to:

  • enable you to access and navigate through the website when using the QRcode, when paying via the website;
  • be able to process payments based on the entry of bank card details on the website;
  • provide digital invoices when you pay via the website or the QR code.

4.3 We will storey our data if and insofar as this is necessary to fulfil statutory retention obligations (Pursuant to Section 132 para. 1 Federal Fiscal Code (“BAO”);Sections 190, 212 Austrian Commercial Code (“UGB”): 7 years) or to pursue or defend against legal claims (generally for a period of 3 years), whereby longer processing of the data may be necessary in the event of imminent or specific proceedings.

4.4 If data processing is based on your consent, we will process your data until your consent is revoked. You can withdraw your consentat any time by sending an email to [email protected]. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

5. Information about security measures

5.1 Your personal information is protected by appropriate organisational and technical measures. These measures relate in particular to protection against un authorised, unlawful or accidental access, processing, loss, use and manipulation. We protect your personal data with the utmost care and in accordance with applicable data protection laws, including the GDPR.

 

6. What rights do you have?

6.1 You have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR) to your personal data processed by us;
  • Right to rectification (Art. 16 GDPR) or completion of your personal data processed by us;
  • Right to erasure (Art. 17 GDPR) of your personal data processed by us unless the processing is necessary under Art. 17 para. 3GDPR;
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object (Art. 21 of the GDPR);
  • Right not to be subject to automated individual decision-making, including profiling (Art. 22 GDPR);
  • Right to withdraw consent once given (Art. 7para. 3 GDPR). Withdrawal of your consent does not affect the lawfulness of theprocessing carried out on the basis of the consent until the withdrawal.

6.2 In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR) if you consider that the processing of your personal data by us is in breach of the GDPR. In Austria, the competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).

In Croatia, thecompetent supervisory authority is the Croatian Data Protection Authority (Agencijaza zaštitu osobnih podataka), Selska cesta 136 10000 Zagreb, Croatia, email: [email protected], website: https://azop.hr/.

6.3 If you have any questions in connection with the processing of your personal data or wish to assert any rights under the GDPR, such as your right to erasure or your right of access, please contact TURBOVOLT as described above in point 1.3.