PRIVACY NOTICE

0. Introduction

The PowerCharge mobile application (“Application” or “Mobile Application”) is a free mobile app that includes a database of charging stations managed by the Data Controller. Based on user logins, the availability of charging stations becomes visible. This Privacy Notice applies to the processing of personal data provided to or necessarily obtained by EPS Connect Zrt. in connection with the provision of the Application.

1. Data Controller

Data Controller: EPS-Cloud Kft.

Registered Office: 1131 Budapest, Dolmány utca 9.

Postal Address: 1131 Budapest, Dolmány utca 9.

Company Registration Number: 01-09-4169925

Tax Number: 32300660-2-4

Website: www.powercharge.hu

Email: info@eps-connect.com

Contact Phone: +36 1 951 6239

Contact Person: Patrik Bársony

For the purposes of this Privacy Notice, personal data means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Application Features and Key Legal Provisions

The Application is continuously evolving, and not all features listed below may be available in a given version. The Data Controller reserves the right to introduce, modify, or discontinue features without prior notice to users. Data processing is carried out for the operation of the following features:

User Features:

  • One-click filtering of the charging network
  • Display of current charger status (available/occupied)
  • Start and stop charging
  • Display of ongoing charging sessions
  • Listing of charging sessions

Basic Features:

  • Map and list view of stations
  • Filtering and searching by various parameters
  • Listing of stations by distance
  • Favorites list for quick access to important locations
  • Detailed information for each station: exact costs, images, street view, operator contact details, and more

This Privacy Notice applies to data processing based on the voluntary consent of Data Subjects when using the Application. By completing and submitting the registration form offered by the Application, the Data Subject explicitly consents to the processing of their personal data by the Data Controller in accordance with applicable legal requirements.

The Data Controller does not verify the accuracy of the personal data provided. The person providing the data is solely responsible for its correctness. By providing an email address, the Data Subject also assumes responsibility for ensuring that only they use the service from the specified email address. If the personal data provided is inaccurate and the correct data is available to the Data Controller, the Data Controller is entitled to rectify the data.

As stated in the consent declaration, the Data Subject has the right to withdraw their consent to data processing at any time.

Key legal provisions governing the above data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or “GDPR”)
  • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (“Infotv.”)
  • Act CLV of 1997 on Consumer Protection (“Fgytv.”)

3. Information on Data Processing

Legal Basis for Data Processing

The legal basis for our data processing is Article 6(1)(a) of the GDPR — processing based on the data subject’s consent.

Scope of Processed Data

When the Data Subject registers by providing personal data, the following information must be provided:

- First and last name

- Email address (the validity of the email address must be confirmed by clicking a link sent to the provided address)

- Desired password

After registration, the following optional data may also be provided:

- Phone number

For issuing invoices related to one-time charging sessions, the following additional data must be provided:

- Billing name (company name)

- Billing address (registered office)

- Tax number

- Payment card data

Users can view, modify, or delete the provided data under the “Profile” section of the Application. Changes or deletions may result in the unavailability of certain features.

In the case of invoicing for one-time charging sessions, the legal basis for processing is the necessity of processing certain personal data for the performance of a contract [GDPR Article 6(1)(b)].

Location Data:

During use, the Application may request permission from the mobile device to access the Data Subject’s location data. When the Application is active, it sends location data to the Data Controller’s server, but only the most recent location is stored.

Purpose of Data Processing

The purposes of data processing include:

- Ensuring the use of the PowerCharge Application

- Access to certain features and information within the Application

- Sending business offers from the Data Controller and its partners (with explicit consent)

- Logging and documenting user declarations and activities within the Application

- Issuing invoices for one-time charging sessions

- Providing customer support related to the services offered through the Application, including handling email inquiries

The Data Controller uses personal data exclusively for the purposes specified.

Authorized Access to Data

Only employees of the Data Controller and Data Processors responsible for maintaining and developing the database are authorized to access the data.

Duration of Data Processing and Data Deletion Deadlines

For unconfirmed registrations, data is retained for 7 days or up to 8 years from the last use of the Application.

Personal data is deleted without delay if processing was not carried out for a lawful purpose or if the purpose of processing has ceased.

4. Data Storage and Deletion

The data stored on the server by the Application includes: individual settings such as charging power, charger types, countries whose charging points should be displayed, language preferences, filters, the operating system and browser type used on the mobile device. These are stored not only on the mobile device but also on the Application’s server. All data on this storage is encrypted.

Cookies and External Services: The Application does not use cookies. Web traffic and other analytics data are measured by an external service provider, Google Analytics. More information on data processing can be found at: https://policies.google.com/?hl=hu

Upon deletion of the Application, all data stored on the mobile device is also deleted.

Data processed with the Data Subject’s consent will be deleted upon request at any time.

The Data Controller processes the personal data provided by the Data Subject until the profile is deleted within the Application or until the Data Subject submits a written request to unsubscribe from the service. The deletion will occur within a maximum of 10 business days from the receipt of the request.

The Data Controller deletes the personal data of the Data Subject if:

  1. the processing is unlawful;
  2. the personal data is incomplete or incorrect and this condition cannot be lawfully remedied, unless deletion is excluded by law;
  3. the purpose of processing has ceased or the statutory retention period has expired;
  4. deletion is ordered by a court or authority.

Automatically recorded technical data during the operation of the Application are stored for the period necessary to ensure system functionality. The Data Controller ensures that such automatically recorded data cannot be linked to other personal data of the user, except where required by law. If the Data Subject withdraws consent or unsubscribes from the service, their identity will no longer be identifiable from technical data.

The Data Subject may modify their personal data at any time under the “My Profile” tab in the Application. Requests for changes, deletion, or restriction of personal data may also be submitted via a written statement sent by email.

No personal data is collected or sold.

5. Data Security

The Data Controller undertakes to ensure the security of personal data and implements the necessary technical and organizational measures and procedural rules to protect the collected, stored, and processed personal data and to prevent their destruction, unauthorized use, or alteration.

The Data Controller ensures that unauthorized persons cannot access, disclose, transmit, modify, or delete the processed data. Only the Data Controller, its employees, and any engaged data processors may access the data according to defined authorization levels. The Data Controller does not disclose personal data to third parties who are not authorized to access such data.

Employees of the Data Controller and Data Processors may access personal data only in accordance with their job responsibilities and authorization levels. All personal data is treated as confidential.

To ensure IT security, the Data Controller protects its systems with firewalls and uses antivirus and anti-malware software to prevent internal and external data loss. It also monitors incoming and outgoing electronic communications to prevent abuse. The Data Controller ensures that data stored in electronic records cannot be directly linked to or assigned to users, except as required by law.

The Data Controller guarantees an appropriate level of data security, including, where applicable:

  • Pseudonymization and encryption of personal data
  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of systems and services used to process personal data (including operational and development security, intrusion protection and detection, and prevention of unauthorized access)
  • The ability to restore access to personal data in a timely manner in the event of a physical or technical incident (including data leak prevention and incident management)

When determining the appropriate level of security, the Data Controller considers the risks associated with data processing, particularly those arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

6. Data Processors

A Data Processor is a natural or legal person who processes personal data on behalf of the Data Controller.

Name (company name) of each Data Processor and its processing activity:

Name: Smart Charging Kft.

Seat: 3200 Gyöngyös, Rigó utca 7.

Tax number: 26209577-2-10

Processing activity: handling data to operate the application

Name: HANDAV Kft.

Seat: 1023 Budapest, Frankel Leó út 45. IV. emelet

Tax number: 11548742-2-41

Processing activity: processing data necessary to operate the NAYAX payment terminals

Privacy information: https://handav.hu/adatvedelem/

Name: Nayax Europe UAB

Company registration number: 304891914

Seat: Antakalnio 17, LT-10312, Vilnius, Lithuania

Processing activity: data processing to facilitate cashless payments

Data processing agreement: https://www.nayax.com/legal/dpa-for-nayax-customers/

7.1. Rights of the Data Subject

The Data Subject may request from the Data Controller:

  • Information about the processing of their personal data (before and during processing)
  • Access to their personal data
  • Rectification or supplementation of their personal data
  • Deletion or restriction (blocking) of their personal data, except for mandatory processing
  • Data portability
  • Objection to the processing of their personal data

7.1.1. Right to Information (pursuant to Articles 13–14 of the GDPR)

  • The Data Subject may request information in writing from the Data Controller via the contact details provided in Section 7.2 regarding:
      • what personal data is being processed,
      • on what legal basis,
      • for what purpose,
      • from what source,
      • for how long the data is processed,
      • whether a data processor is used, and if so, the name, address, and data processing activities of the processor,
      • to whom, when, under what legal basis, and which personal data the Data Controller has granted access or transferred,
      • the circumstances, effects, and measures taken in response to any data protection incident.
  • The Data Controller shall respond to the Data Subject’s request within one month, by letter sent to the contact address provided by the Data Subject.

7.1.2. Right of Access (pursuant to Article 15 of the GDPR)

  • The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed, and, if so, access to the personal data.
  • The Data Controller shall provide a copy of the personal data undergoing processing—unless prohibited by other legal provisions. If the request is submitted electronically, the information shall be provided in a commonly used electronic format, unless otherwise requested by the Data Subject.

7.1.3. Right to Rectification (pursuant to Article 16 of the GDPR)

  • The Data Subject may request in writing, via the contact details provided in Section 7.2, that the Data Controller correct any of their personal data (e.g., update their email address, phone number, or postal address) or rectify any inaccurate personal data processed by the Data Controller.
  • Taking into account the purposes of the processing, the Data Subject also has the right to have incomplete personal data completed.
  • The Data Controller shall fulfill the request within one month and notify the Data Subject at the contact address provided.

7.1.4. Right to Erasure (pursuant to Article 17 of the GDPR)

  • The Data Subject may request in writing, via the contact details provided in Section 7.2, that the Data Controller delete their personal data.
  • This right applies primarily when the processing is based on the Data Subject’s consent. In such cases, the personal data will be deleted.
  • If the processing is necessary for the performance of a contract, the request for deletion cannot be fulfilled. In such cases, the Data Controller must retain the data for the duration specified in this Privacy Notice, even after the termination of the contract.
  • If no such obligation exists, the Data Controller shall fulfill the request within one month and notify the Data Subject accordingly.

7.1.5. Right to Restriction of Processing (pursuant to Article 18 of the GDPR)

  • The Data Subject may request in writing, via the contact details provided in Section 7.2, that the Data Controller restrict the processing of their personal data (clearly marking the restricted status and ensuring separate storage from other data).
  • The restriction shall remain in place as long as the reason provided by the Data Subject justifies the storage of the data.
  • For example, the Data Subject may request restriction if they believe their data has been unlawfully processed but need the data retained for the purposes of legal proceedings. In such cases, the Data Controller shall retain the data until contacted by the relevant authority or court, after which the data will be deleted.

7.1.6. Right to Data Portability (pursuant to Article 20 of the GDPR)

  • The Data Subject may request in writing, via the contact details provided in Section 7.2, to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit that data to another controller without hindrance from the Data Controller, provided that:
      • the processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b), and
      • the processing is carried out by automated means.

7.1.7. Right to Object (pursuant to Article 21 of the GDPR)

  • The Data Subject may object in writing, via the contact details provided in Section 7.2, to the processing of their personal data based on the legitimate interests of the Data Controller or a third party under Article 6(1)(f) of the GDPR, including profiling based on those provisions.
  • In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.
  • Where personal data is processed for direct marketing purposes, the Data Subject has the right to object at any time to such processing, including profiling to the extent that it is related to such direct marketing. If the Data Subject objects, the personal data shall no longer be processed for such purposes.

7.2. Legal Remedies

Inquiry to the Data Processor

Before initiating legal or administrative proceedings, the Data Subject is encouraged to contact the Data Controller with any inquiries or complaints regarding the processing of their personal data.

In the event that the Data Subject exercises any of their rights related to data processing as set out in Section 7.1, requests information regarding data processing, or submits an objection or complaint, the Data Controller shall investigate the matter without undue delay and take appropriate action within the time limits prescribed by applicable laws, and shall provide information to the Data Subject regarding the matter. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended in accordance with the provisions of the law.

To exercise their rights related to data processing, or if the Data Subject has any questions or concerns regarding the data processed by the Data Controller, or wishes to request information, lodge a complaint, or exercise any of the rights set out in Section 7.1, they may do so using the contact details provided in Section 1 of this Privacy Notice.

Initiating Court Proceedings

The Data Subject may bring an action before a court against the Data Controller or, in relation to data processing operations falling within the scope of the Data Processor’s activities, against the Data Processor, if they believe that the Data Controller or the Data Processor acting on its behalf or under its instructions is processing their personal data in violation of the provisions of applicable laws or binding legal acts of the European Union concerning the processing of personal data.

The case falls within the jurisdiction of the regional court. The action may be brought—at the choice of the Data Subject—before the regional court having jurisdiction over their place of residence or habitual residence.

Filing a Complaint with the Authority

If the Data Controller fails to act on the Data Subject’s request within the statutory deadline, or refuses the request, the Data Subject may:

  • Initiate court proceedings before the competent regional court (based on their residence or place of stay)
  • File a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

Address: 1055 Budapest, Falk Miksa u. 9-11.

Website: http://naih.hu

Postal address: 1363 Budapest, Pf. 9.

Phone: +36-1-391-1400

Email: ugyfelszolgalat@naih.hu

8. Miscellaneous

This Privacy Notice is available at www.powercharge.eu. For questions, please contact: info@eps-connect.com.

No automated decision-making, profiling, or transfer of personal data to third countries or international organizations takes place.

The Data Controller reserves the right to unilaterally amend this Privacy Notice in the future. Users will be informed of changes via a pop-up window upon logging into the website. By continuing to use the service, the User acknowledges and accepts the updated data processing rules, even without an explicit declaration of consent.