Privacy policy

Client Privacy and Data Protection

GENERAL DATA PROTECTION REGULATIONS COMPLIANT

 

 

1.1        Scope

 

This policy applies to all ctCharge staff, customers, contractors, and suppliers.  Any breach of data protection law or this policy will be dealt with under ctCharge’s review procedure.  The ctCharge data processors and any third parties working with or for ctCharge, who have or may have access to personal information of ctCharge staff and customers, will be required to read, understand and comply with this policy.  No third party may access personal data held by ctCharge without having first entered into an agreement or a contract with it.  The agreement or contract will include data protection obligations and will include a clause within the agreement or contract that gives ctCharge the right to audit compliance.

 

1.2        ctCharge Commitment to Article 5 General Data Protection Regulations Principles

 

ctCharge applies the following data protection principles as established in Article 5 of the General Data Protection Regulations (GDPR):

 

  • Personal data is processed lawfully, fairly and transparently.
  • Personal data is collected for specified, explicit and legitimate purposes.
  • Personal data is accurate and kept up to date.
  • Personal data is kept in a form such that the individual can be identified only as long as is necessary for processing.
  • Personal data is processed in a manner that ensures its security.
  • Appropriate technical measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data is transferred only to a country that the European Commission deems to have an adequate level of protection for personal data (approved countries). Otherwise, personal data can only be transferred to a country outside the EU where the Information and Data Protection Commissioner confirms that adequate safeguards are in place or approved model contract clauses are used or exemptions apply.

 

1.3        Information Collected

 

ctCharge collects Clients’ personal data, where applicable, from its websites, on third-party websites, and on mobile applications, Automatic Vehicle Recognition Cameras, RFID Cards and Contactless Readers, and offline in connection with any inquiries, communications, etc. you make in relation to our services.  ctCharge may collect your personal data directly or through our service providers, business partners, etc.

 

The following is a non-exhaustive list of examples of data that ctCharge may collect:

 

Personal data / Web / Mobile Data / Payment

-     Name

-     Age

-     Date of Birth

-     Gender

-     Address

-     E-mail address

-     Phone number

-     Mobile number

-     Passport and/or Identity Card Number

-     Vehicle Licence Plate Number

-     Payment Card information (not stored by ctCharge)

-     Purchase prices and details

-     Charges incurred

-     IP address

-     Device ID

-     Browser Type

-     Operating system

-     Mobile device identifiers

-     Geo-location data

-     Country from which you accessed our websites

-     Specific webpages visited

-     Date and time of a visit

-     Websites you visited immediately before and after visiting our websites

-     Number of links and specific links you click within our websites

-     Functions you use on our websites / mobile app

-     Any bookings you make for ctCharge services through our websites / mobile app

-     Data you view or download from our websites / mobile app

 

ANPR and CCTV Cameras

-     Automated Number Plate Recognition (ANPR) / number plate

-     Make of Vehicle

-     Colour of Vehicle

-     Vehicle Driver

-     Video Footage

-     Photo Images

 

1.4       ctCharge Legal Basis for using Clients’ Personal Data

 

The Table below presents the legal basis for the key processing carried out with regard to a Client by ctCharge.

 

 

Purpose of Data Processing

To verify authorised users

ctCharge processes personal data to authenticate users for its ctCharge App

To find EV Charger Location

ctCharge processes location data to find nearby charging stations in ctCharge App.

Reserving/Book a Charging Session

ctCharge processes personal data to effect a reservation for a charging session.  Data requested may include the name, email address, time, date, type of service, car make, car model, car registration or other user-specific information.

To pay for a Charging Session

ctCharge processes payment.

To pay a fine for an infringement of the T&Cs

ctCharge processes payment.

Marketing and direct advertising

ctCharge processes Client data for purposes of promoting customer loyalty, implementing customer loyalty and bonus programmes, optimising customer offers, market or public opinion research as well as holding customer events.

Processing based on statutory provisions

 

ctCharge processes Client data to fulfil legal obligations under commercial and tax law provisions, etc.

Cookies and App-tracking

The ctCharge websites use “cookies”, the App uses equivalent tracking tools.  The cookies used by ctCharge neither contain personal data nor are they connected to any such data.  Tracking tools store data about the use of the app either in the app itself or they transmit (anonymised) usage evaluations to ctCharge.

 

To handle Client enquiries and complaints

To confirm the identity of the caller and discuss the enquiry/complaint – including name, address, vehicle registration number, photographic evidence of the contravention.

 

 

 

1.5       Governance

 

ctCharge abides by the following governance requirements:

 

(a) Documentation of data processing activities.

Where ctCharge is the:

 

(i)    Controller for personal data, documentation is held as stipulated in Article 30(1) – GDPR.

 

(ii)   Processor for personal data, documentation is held as stipulated in Article 30(1) – GDPR.

 

(b) Lawful basis for processing

Article 6 of the GDPR sets out the lawful bases for processing, which are (i) consent; (ii) contract; (iii) legal obligation; (iv) vital interest; (v) public task; and (vi) legitimate interests.  The lawful basis for processing is documented.

 

(c) Security

ctCharge has in place an IT security plan.

 

(d) Third Party Relationships

Where ctCharge is the:

 

(i)    Controller, a written contract is in place with the processors.

(ii)   Processor, it acts on the documented instructions of the controller.

 

A review of third-party relationships, in order to assess risk, followed by appropriate action, will be periodically carried out.

 

(e) International transfers

Data transfer by ctCharge to third countries or international organisations will be regulated by Articles 44 to 50 of the GDPR.

 

(f)  Data Breaches

In the event of a breach ctCharge will notify the Information and Data Protection Commissioner.

(g) Compliance and reporting

ctCharge manages monitoring, reporting and compliance of this Policy.

 

(h) Training and Awareness

Training of ctCharge staff on the GDPR and this Policy will be carried out as appropriate.

 

1.6       Client’s Rights

 

The following are the Client’s rights with regard to the use of their personal data and ctCharge.  As a Client:

 

Marketing – You have a right to object to direct marketing.

 

You have a right to object to processing of your personal information for direct marketing purposes. 

Access – You have a right to request a copy of the personal information we hold about you.

You have the right to request access to a copy of your personal data.  If ctCharge is of the considered opinion that your request is manifestly excessive it may refuse your request.  In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.

Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.

 

If you believe that any of the information that ctCharge holds about you is inaccurate, you have a right to request that ctCharge restricts the processing of that information and rectifies the inaccurate personal information.

Erasure – You have a right to request that we delete your personal information.

You may request that ctCharge deletes your personal information if you believe that:

 

o  ctCharge no longer needs to process your information for the purposes for which it was provided;

o  ctCharge requested your permission to process your personal information and you wish to withdraw your consent;

o  ctCharge is not using your information in a lawful manner; or

o  You have objected to your data being processed.

 

Note:  as it is lawful for us to process your personal data in connection with your history of Charging Sessions, ctCharge will not delete such personal data prior to its scheduled deletion date.

 

Restriction – You have a right to request us to restrict the processing of your personal information.

You may request ctCharge to restrict processing your personal information if you believe that:

 

o  Any of the information held about you by ctCharge is inaccurate;

o  ctCharge no longer needs to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or

o  ctCharge is not using your information in a lawful manner.

 

Objection – You have a right to object to the processing of your personal information.

You have a right to object to ctCharge processing your personal information, including the profiling of your information (and to request ctCharge to restrict processing).  ctCharge may override this request where:

 

o  It determines that there are compelling and legitimate grounds for the processing;

o  It needs to process your information to investigate and protect us or others from legal claims.

 

In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.

 

Portability – You have a right to data portability.

You may request ctCharge to transfer to a third-party your data in a machine-readable format where the:

o  Personal information was provided on the basis of consent;

o  Processing is by automated means; and

o  Processing is based on the fulfilment of a contractual obligation.

 

Withdraw consent – You have a right to withdraw your consent.

ctCharge understands ‘consent’ to mean an explicitly and freely given, specific, informed and unambiguous indication of your wishes by which you, by statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you.

 

Where ctCharge relies on your consent to process your personal information for a particular purpose, you have a right to withdraw your consent at any time for that purpose.

 

 

1.7       Cookies

 

Cookies are text files that are stored in a computer system via an internet browser.  A cookie is a small file of letters and numbers that is stored on a Client’s browser or computer hard drive, if the Client agrees.  The ctCharge website uses cookies.  The website uses cookies to distinguish a client from other users of the websites and portals.  This helps ctCharge to provide you with a good experience when a client uses the website and web-based booking system.  By continuing to use this website or the ctCharge web-based booking system, a client agrees to the use of the ctCharge cookies.

 

ctCharge uses the following cookies:

 

Strictly necessary cookies

 

These are cookies that are required for the operation of the ctCharge websites and web-based booking system.  You block cookies by rejecting the cookie information screen.  It is important to note that if browser settings are set to block all cookies (including essential cookies) one may not be able to access all or parts of the web-based booking system.  Through the use of cookies, ctCharge provides the users of its websites and web-based booking system with access to its system.

Performance cookies

 

These are cookies that collect information about how visitors use the ctCharge website, for instance which pages visitors go to most often, and if they get error messages from web pages.  These cookies do not collect information that identifies a visitor.  The information these cookies collect is aggregated and therefore anonymous.  It is only used to improve how a website works.

 

 

1.8       Presenting a Complaint

 

If you require more information about items raised in this notice, please contact ctCharge, or you may wish to ask or complain to the Information and Data Protection Commissioner via https://idpc.org.mt/raise-a-concern/, although please raise any concerns with ctCharge first by emailing dataprotection@ctcharge.mt or by calling +356 2099 6666.

 

1.8       Changes to ctCharge Privacy Policy

 

From time to time ctCharge may amend the way in which it processes personal data.  This may lead to changes in how ctCharge collects and/or uses Client personal information.  ctCharge may amend the terms of this Privacy Policy at any time.  The latest version is always found at www.ctcharge.mt

 

 

This privacy policy was last updated on 31st October 2023