Privacy and Cookies Policy

Last Updated: 24th August 2020

ICO Registration Number: Z2282125


1. Introduction

Pod Point Limited ("we") are committed to safeguarding the privacy of our website visitors, app users and service users. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

This policy sets out how we, as data controller, collect and use your personal information, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information, that may arise from you buying and using our products and services.

You can specify whether you would like to receive direct marketing communication from us and can withdraw your consent and unsubscribe by clicking the ‘unsubscribe’ link in the footer of the emails we send.

Please do not supply any other person’s data to us unless we prompt you to do so.

2. How we use your data

We process several types of personal data, in order to administer our business and services and/or fulfil our contract with you. The different categories of data we process; the reasons why we process; and our legal basis are detailed below:

Type of Data

Purpose

Type of Data/ Source

Lawful basis for processing

Website and services Usage Data

To enable us to improve our website, app and services to better fit your needs.

IP address; geographical location; browser type and version; operating system, referral source, length of visit, page views and website navigation paths, the timing, frequency and pattern of your service use gathered from our analytics tracking systems which track the behaviour of customers on the mobile app and website in order to determine the success of features and layouts so that improvements can be made; amount of energy drawn through chargepoints, energy usage data (an energy measurement collected at five minute intervals from the household by the Pod Point Current Clamp (“Energy Usage Data”)).

1. Our legitimate interests to improve our website, products and services.

2. In the case of processing your Energy Usage Data, your consent.

Account and Services Data

To enable us to operate a secure website and app and provide the services you expect and want from us based on our contract with you or your employer.

Also to maintain backups of databases and to communicate with you.

We may also use your Account Data to make OLEV Grant applications on your behalf.

Name, address, email, telephone number, username, password, signature, vehicle registration number, VIN number (ID number of your vehicle found on the chassis), MPAN number (serial number for every Pod Point meter), IP address, MAC address (the device ID which you use to access our website, app or services); amount of energy drawn through chargepoints, Energy Usage Data and account number.

We get this information from you, the person who installs your Pod Point or your employer may provide data too if they have an account with us, namely your business address; email; telephone; driving licence details; job title and employers name.

If you use the app the data may include your mobile device ID, account name and password.

Whilst we do share Services Data with our business partners, which may include example Service usage profiles, this is always anonymised, aggregated data which means that it never discloses details about an identifiable individual. It discloses only patterns of use rather than anything about particular users.

1. Our legitimate interests to properly and securely administer our products and services.

2. Performance of a contract with you or your employer.

3. In the case of processing your Energy Usage Data, your consent.

4. Our legitimate interests to build strong partnerships with our business customers.

Publication data

To enable us to publish information that you post on our website or app.

Information that you post on our website, app or through our services.

1. Our legitimate interests in using customer feedback to promote our products and services.

      Enquiry data

      To offer, market and sell relevant services to you.

      We may also share this data with 3rd party contractors, organisations who have relationships with these contractors and service providers who facilitate this data sharing so that:

      • Installation of products you have purchased from us can be carried out.

      • You can purchase products and services you have expressed interest in ordering.

      Any data you provide in your enquiry.

      1. It’s necessary to perform the contract.

      2. We have a legitimate business interest to tell you about the various products and services we can offer and facilitate you purchasing them / having them installed.

      Transaction data

      To allow us to process your purchases, and keep proper records.

      Your contact details, your card details and the transaction details.

      1. Performance of a contract with you.

      2. Our legitimate interests in ensuring our financial transactions with customers are managed efficiently.

      Notification Data

      To send the emails or newsletters that you’ve subscribed to.

      Your contact details.

      1. Your consent if you have expressly agreed to receive the emails from us.

      2. Our legitimate business interests – if you have not opted out of being contacted during the online purchase journey of one of our products or if you are a corporate customer, it’s in our business interests to be able to market and promote our products to you.

      Correspondence Data

      To communicate with you and to keep proper records.

      The communication content and metadata associated (if communication is via our website contact form).

      1. Our legitimate interests.


      We may also process and disclose any of your data identified in this policy to protect the legal rights of you, us and any other individual. This is because we have legitimate business interests to:

      • establish, exercise or defend legal claims, in court or an out-of-court procedure.
      • obtain or maintain insurance cover, manage risk or obtain professional advice, in order to properly protect our business against risk.
      • comply with any legal obligation to which we are subject, or in order to protect the vital interests of you or any other person.

      3. Providing your personal data to others

      We may provide your personal data to any member of our group of companies (this means our subsidiaries and our holding company).

      We may disclose personal data, on a “need to know” basis to:

      • Our insurers and professional advisors.
      • Our installation engineers and operations team, who may be subcontractors, to enable them to install the equipment you need to use our services. Our installers may also pass your Account and Services Data to us to activate your Pod Point post installation services and the warranty. Installers may also process your personal data on their own behalf, and you may wish to check the Installer’s own privacy policy for more details.
      • Our payment services provider Stripe Payments Europe Ltd to enable them to process your payments. Data is limited to transaction data and is used to process or refund payment and to deal with complaints and queries. You can find more information here: https://stripe.com/gb/privacy
      • Our IT service providers from whom we license technology. This enables us to carry out essential business operations.
      • Any organisations or government departments who may offer funding or grants to you in respect of the services we provide.
      • Affiliates or partners from whom you’ve consented to receive marketing.
      • Energy tariff switching providers, if you have selected this functionality and agreed to your Energy Usage Data being shared.
      • Any public or regulatory authority if we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by such bodies.
      • Selected other third party service providers to manage our customer relationships.

      Please note that on the termination of any relationship between you and us, personal data relating to you may be retained by or, as the case may be, transferred to one or more of the groups of companies listed above, their successors and assigns if that’s necessary for us to comply with contractual, legal or financial obligations.

      4. International transfers of your personal data

      We have offices and facilities in the United Kingdom and Norway, both subject to the EU’s high standards of data protection and the hosting facilities for our website and app are situated with the EU.

      Some of our IT service providers are situated in the United States of America. Transfers to the USA will be protected by appropriate safeguards, either:

      • Standard data protection clauses adopted by the European Commission; or
      • Self certification of compliance with the Privacy Shield programme designed by the EU and US government to demonstrate a company’s compliance with EU data protection standards.

      To see copies of the standard data protection clauses adopted by the EC, you can click here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

      You acknowledge that personal data you provide us for publication through our website, app or services may be available via the internet around the world. We cannot prevent the use (or misuse) of this personal data by others.

      5. Retaining and deleting personal data

      Personal data will not be kept by us for longer than is necessary to meet the purpose stated. We will however need to retain your personal data where such retention is necessary for compliance with a legal obligation, or in order to protect the vital interests of you or any other person.

      6. Security of personal data

      We are committed to keeping your personal information safe. We’ve got physical, technical and administrative measures in place to prevent unauthorised access or use of your information and we ensure that we comply with our own internal security policies.

      We also require that our suppliers protect such information from unauthorised access use and disclosure.

      We will also routinely refresh our information to ensure we keep it up-to-date.

      7. Amendments

      We may update this policy from time to time by publishing a new version on our website. The last publication date will be referenced at the beginning of the Privacy Policy. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of material changes to the policy by email.

      8. Your rights

      This is a summary of your rights under data protection law. Some of these rights are very complex so we have just summarised them. You may obtain guidance from the ICO for a more detailed explanation.

      • You can remove consent, where you have provided it, at any time, as well as update any of your opt-in marketing preferences by using the Subject Access Request form available here.
      • You can ask us to confirm if we are processing your information.
      • You can ask for access to your information.
      • You can ask to correct your information if it’s wrong.
      • You can ask us to delete your information.
      • You have a right to be forgotten and you can ask that our systems stop using your information.
      • You can ask us to restrict how we use your information.
      • You can ask us to help you move your information to other companies.
      • You can ask us to stop using your personal information, but only in certain cases.
      • You have the right to complain to the relevant supervisory authority.

      9. Automated decision making

      We do not use automated decision making.

      10. Updating information

      Please let us know if the personal information that we hold about you needs to be corrected or updated.

      11. Cookies

      A cookie is a file containing an identifier (a string of letters and numbers) sent by a web server to a web browser and stored by the browser. This identifier is then sent back to the server each time the browser requests a page.

      Cookies can either be ‘persistent’ when a cookie is stored by the browser until its set expiry date (or when deleted by the user) or ‘session’ when the cookie expires at the end of the session when the web browser is closed.

      Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

      12. Cookies that we use

      We use cookies for the following reasons:

      Reason Purpose Type of cookie
      Authentication To identify you when you visit the website and as you navigate round. Session ID
      Status To determine if you are logged into our website. Session (expiry date and time)
      Personalisation To store information about your preferences and to personalise our website for you. Locale
      Security As part of the security measures to protect user accounts and our website, including preventing fraudulent use of login credentials. Session (expiry date and time) Session ID and XSRF tokens
      Advertising As a way to display advertisements that will be relevant to you. See privacy links below
      Analysis To help analyse the use and performance of our website and services. See privacy links below
      Optimising Customer Interactions We use a cookie from a company called ‘Salesforce’ which remembers a user’s history when they interact with ‘live chat’ functionality on the website. Salesforce’s privacy policy is available at https://www.salesforce.com/uk/company/privacy/

      13. Cookies used by our service providers

      Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

      We use analytics cookies to analyse the use of our website. The information gathered relating to our website is used to create reports about the use of our website. The privacy policies of our analytics providers are available through the following URLs:

      Google: https://www.google.com/policies/privacy/

      Mixpanel: https://mixpanel.com/privacy/

      Segment: https://segment.com/docs/legal/privacy/

      Hotjar: https://www.hotjar.com/privacy

      Optimizely: https://www.optimizely.com/privacy/

      Twitter: https://twitter.com/en/privacy

      Facebook: https://www.facebook.com/full_data_use_policy

      We also use third party cookies to optimise and measure the effectiveness of our online advertising campaigns. For example we can track which adverts on certain sites lead to potential customers visiting our website. We can target our online adverts to those web users who have previously visited our website or our followers on social media. To do this we use cookies from Google Adwords; Twitter advertising; Facebook; Doubleclick and LinkedIn. The privacy policies are detailed above, and in addition:

      Google’s advertising privacy policy: https://www.google.com/policies/technologies/ads/

      LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

      14. Managing cookies

      We ask you to consent to our cookies when you navigate to our website. Most browsers allow you to refuse to accept cookies and to delete cookies but blocking all cookies will have a negative impact upon the usability of many websites (including ours).

      The methods to do so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via the following links:

      Chrome: https://support.google.com/chrome/answer/95647?hl=en

      Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

      Opera: http://www.opera.com/help/tutorials/security/cookies/

      Explorer:https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

      Safari: https://support.apple.com/kb/PH21411

      Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

      15. Our details

      This website is owned and operated by Pod Point Limited. We are registered in England and Wales under registration number 06851754, and our registered office and principal place of business is at 28-42 Banner Street, London, EC1Y 8QE.

      You can contact us by:

      • post, to the postal address given above;
      • telephone, on the contact number published on our website from time to time; or
      • using the Subject Access Request form available here.

      16. Data protection registration

      We are registered as a data controller with the UK Information Commissioner’s Office as our lead supervisory authority. Our data protection number is Z2282125.