The high standards you place on the qualities of our products and services govern how we handle your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospective customers. The confidentiality and integrity of your personal data is one of our prime concerns.
Who is responsible for data processing?
Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, Germany (“DCS”) provides the customer with the Mercedes me Charge services as data controller and is responsible for related data processing activities.
What data do we process about you, for what purpose and how long is the data stored?
The personal data collected in connection with entering into a Mercedes me Charge contract or providing the Mercedes me Charge services are processed to enter into the Mercedes me Charge contract, to allow the customer to use the Mercedes me Charge services (e.g. charging at a charge station) and to invoice the Mercedes me Charge services to the customer. (Art. 6(1)(b) EU General Data Protection Regulation “GDPR”).
Conclusion of contracts
In connection with entering into a Mercedes me Charge contract, the following data categories are processed:
- contact data (e.g. last name, first name, address, email address)
- account data (e.g. the Mercedes me Charge login account, payment details)
- vehicle data (VIN)
The contractual data are automatically erased after expiry of the Mercedes me Charge contract; financial transactions are erased in accordance with the statutory provisions after 10 years.
Provision of services
For the purposes of the provision of the Mercedes me Charge services by DCS the following (where required, personal) information is processed (Art. 6(1)(b) GDPR):
- an individual identification number which is allocated to the Mercedes me Charge card respectively the authentication instrument used by the customer at a charging station
- the charge detail records showing the charging events conducted by the customer.
- the location of the charging station where the charging events are conducted and the location of the customer (the location only to the extent that an e-route service is offered and to the extent the customer has activated the GPS function in the Mercedes me app).
- All other data collected during the charging process.
Although the provision of these data is not required to enter into the Mercedes me Charge contract, DCS is unable to provide you with the respective service if these data are not provided and are not processed. The processed personal data are automatically erased after 90 days unless they are needed longer for the provision of a specific service.
The provision of the customer's vehicle data is necessary for the correct handling of the billing of the charging process with our service provider. The VIN is required to identify the corresponding contractual relationships.
DCS uses commissioned service providers to provide the Mercedes me Charge services.
Securing product quality, research and development of new products
Beyond the mere provision of Mercedes me Charge services, the data collected are also processed for the purposes of quality assurance of the Mercedes me Charge services offered by DCS and for the development of new related services by DCS. These processing activities serve the legitimate interests of DCS to comply with the high standards placed by our customers on existing services and to be capable of satisfying our customers' future wishes through the development of new services (Art. 6(1)(f) GDPR). In order to protect our customers' privacy, the data processed in accordance with this section are processed exclusively in a form that is not directly traceable to the customer.Furthermore, the contact details are used to send direct advertising for our own, similar services or products of DCS (Art. 6 (1)(f) GDPR). The customer will be contacted by email or via the app. At any time, the customer has the right to object to the processing of personal data for the purposes of such advertising using the contact options below.
In individual cases, your personal data may be transferred to third parties. These are companies in the categories of IT services, logistics, telecommunications, consulting, customer support, and dunning. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Some third countries are certified by the European Commission as having data protection comparable to the EEA standard through so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a uniformly high level of data protection due to the lack of legal regulations. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company rules, standard contractual clauses issued by the European Commission, certificates or recognised codes of conduct. In addition, the transfer of data outside the European Economic Area (EEA) is based on your consent in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, provided you have given this consent in advance. Please contact us, if you would like further information on this.
Advertising communication and market research based on consent
If you have separately given your consent to the further use of your personal data, your personal data may be used to the extent described in the consent declaration, e.g. for marketing purposes and/or market research, and where applicable disclosed to third parties (Art. 6(1)(a) GDPR). Further details can be found in the respective consent declaration, which can be revoked at any time.
Furthermore, DCS will process personal data if it has a legal obligation to do so (Art. 13(1)(c), Art. 6(1)(c) GDPR). For example, DCS may be legally obliged to disclose personal data to public authorities or other third parties.
Third party services (Google Maps)
In order to ensure the correct input of addresses, we have integrated into our website the service Google Maps from Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) through an API. Google acts on our behalf in this matter. In order to display the content in your browser, Google must receive your IP address, otherwise Google will not be able to provide you with this embedded content.
The legal basis for processing arises from Art. 6(1)(a) of the GDPR, i.e. we process your personal data based on your consent.
By using Google Maps, information about your use of this website (including your IP address) may be processed in countries outside the European Union (including the United States). There may not be an “adequate level of protection” for the processing of personal data in these third party countries from the European Union's standpoint. However, such a level of protection can be created via certain measures. This measure is in place by what is called the EU-US Privacy Shield. You can find details on certification according to the EU-US Privacy Shield on this US government website (unfortunately, only officially available in English): https://www.privacyshield.gov. Google may transfer the information obtained from Maps to third parties, if required by law or to the extent that third parties process this data on behalf of Google.
How do we protect your personal data?
We secure your data using state-of-the-art technology. By way of example, the following security measures are used to protect your personal data against misuse or any other form of unauthorised processing:
- access to personal data is restricted to only a limited number of authorised persons for the specified purposes;
- collected data are transferred only in encrypted form;
- furthermore, access to these IT systems is monitored permanently in order to detect and avert misuse at an early stage.
We only store your personal data for as long as is required for the respective purpose. If data are processed for multiple purposes, they are automatically erased, or stored in a form that is not directly traceable to you, as soon as the last specified purpose has been fulfilled.
Contacting us, your data protection rights and your right to complain to the Data Protection Authority
You are entitled to request access to your personal data, to request the rectification/erasure or restriction of processing, to object to the processing by contacting Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, E-Mail: email@example.com. If you are in the opinion that we do not take your concerns or complaints regarding the processing of data seriously you can also reach out to the responsible regulatory authority.
If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. To this end, please contact Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, E-Mail: firstname.lastname@example.org