Data Protection Information

Welcome to the website of Volta Charging Germany GmbH. The protection of personal data is extremely important to us. We only process personal data in compliance with the applicable requirements of data protection law, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We hope that the information provided below will enable you to check and understand your rights. This data protection declaration contains all the relevant information relating to processing your personal data in connection with our website and enquiries to our customer services department.

A. Information about the data controller

I. Name and contact details of the data controller

Volta Charging Germany GmbH
Mariendorfer Damm 1
c/o The Drivery
12099 Berlin
Email: hi@voltacharging.eu

II. Contact details of the data protection officer

Volta Charging Germany GmbH
Mariendorfer Damm 1
c/o The Drivery
12099 Berlin
Email: support@voltacharging.eu

B. Information about processing personal data

I. Visiting our website

When you visit our website, we process your personal data so that we can present the website and its content to you and guarantee the security of our IT infrastructure. We also process personal data to enable us to offer you a cookie dashboard. More detailed information is provided below.

Preparing content

When you visit our website, data is temporarily processed on our web server, which allows us to present you with the website content. We process HTTP data for this purpose. The legal basis for processing this information is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is to provide the website content that you have accessed.

As part of the processing, we transmit your data to the following categories of recipients: the hosting provider (Amazon Web Services EMEA S.A.R.L., Gordon House, Barrow Street, Dublin 4, Ireland).

Information on the storage duration of various categories of personal data can be found in Section D.

Security of the IT infrastructure

We temporarily store data in log files on our web server and analyse them in order to protect the IT infrastructure used to provide the website, in particular for the identification, elimination and evidential documentation of malfunctions (e.g. DDoS attacks). We process HTTP files for this purpose. The legal basis for processing this information is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is to protect the IT infrastructure used to provide the website, in particular for the identification, elimination and evidential documentation of malfunctions (e.g. DDoS attacks).

As part of the processing, we transmit your data to the following categories of recipients: the hosting provider (Amazon Web Services EMEA S.A.R.L., Gordon House, Barrow Street, Dublin 4, Ireland).

Information on the storage duration of various categories of personal data can be found in Section D.

We provide a feature that allows you to manage your cookie settings for the website (hereinafter referred to as the ‘cookie dashboard’). Each time you visit the website, we can determine, for example, whether you have already given consent and then activate cookies as well as the associated analysis and tracking tools according to your preferences. Data from essential cookies is also temporarily processed on our web server for this purpose. More detailed information on the content and purpose of the cookies used and similar technologies can be found on our cookie dashboard:

We process the data that you provide to manage the cookie settings for this website and the data that is assigned to your device when you use the function to manage cookie settings. This includes, for example, your consent and, if applicable, your individual selection of the cookies to be used on your device. The legal basis for the processing of this information is our legitimate interest (Article 6(1)(f) GDPR) in managing the consent that you give for cookies used on this website.

As part of the processing, we transmit your data to the following categories of recipients: the IT service provider (Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark).

Information on the storage duration of various categories of personal data can be found in Section D.

II. Web analysis technologies

We use web analysis technologies on our website if you have given your consent. This allows us to record and interpret information on your website activity. We create a profile which we allocate to your device for this purpose. We can then identify your device again when you visit our website. The information collected allows us to improve our website and achieve other goals (e.g. improving our visibility on the Internet). More detailed information is provided below.

Web analysis technologies

When you access our website and give your consent, we record information relating to your website activity using the web analysis tool Google Analytics and store it in a profile associated with your device. This enables us to improve our website and its goals. To enable us to link this information to your device, we allocate a unique ID which is connected to the profile associated with your device. This data is stored in cookies on your device and can be accessed when you visit our website. We can then identify your device again by means of your allocated ID when you visit our website. The aim of the analysis is to determine where website users come from, which parts of our website they visit, and how often and for how long they access certain pages and categories.

We process web analysis HTTP data, web analysis device data and web analysis profile data for this purpose. Your IP address will be anonymised before it is stored. To document your consent, we store a unique ID assigned to you for the duration of your consent.

The web analysis tool that we use generates and stores the web analysis profile. This includes information on your use of our website, in particular the pages accessed, the access frequency and the length of time spent on the pages in addition to the unique ID allocated to your device.

The legal basis for processing this information is the consent that you granted to us by means of the cookie banner (Article 6(1)(a) GDPR).

As part of the processing, we transmit your data to the following categories of recipients: the web analysis tool provider (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04E5W5, Ireland).

Information on the storage duration of various categories of personal data can be found in Section D.

III. Customer enquiries

We process personal data to respond to your enquiry when you contact our customer service department. More detailed information is provided below.

Customer enquiries

When you contact our customer service department, in particular to obtain further information about our services or to ask questions about an existing contract, we process personal data to respond to your enquiry. We process communication data for this purpose. We process communication data for this purpose. The legal basis for processing this information is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest consists of processing your enquiry. If your enquiry relates to a specific contractual relationship or the initiation of such a relationship, the legal basis for processing is the performance of the contract (Article 6(1)(b) GDPR).

As part of the processing, we transmit your data to the following categories of recipients: the IT service provider (Typeform, C/ Bac de Roda 163, Local 1, Barcelona, Catalunya 08018, Spain).

Information on the storage duration of various categories of personal data can be found in Section D.

C. Data transmission to third countries

We will only transfer personal data to recipients that process personal data outside the European Union (‘third countries’) without your consent pursuant to Article 49(1)(a) GDPR if an adequacy decision of the European Commission or suitable guarantees from the recipient are available for this third country.

D. Storage duration of your personal data

We store your personal data for different reasons (e.g. technical or legal) and for different lengths of time. In general, we only store your data for as long as the corresponding purpose requires.

We store HTTP data and server log files for a maximum period of 3 months unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-related event, server log files will be stored until the event has been eliminated and fully resolved.

E. Use of cookies and similar technologies

You can change the settings for the use of cookies and similar technologies on our website using our cookie dashboard.

F. No obligation to provide personal data

You are not obliged to make your data available. The provision of your data is not required either by law or by contract. However, if you do not provide data you may not be able to use all our services.

G. Information on the rights of data subjects

As a data subject, you have the following rights in relation to the processing of your personal data:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)
  • Right to withdraw consent (Article 7 (3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You can get in touch with us using the contact information provided in Section A in order to exercise your rights.

Information about any special procedures and mechanisms that could make it easier for you to exercise your rights, particularly for exercising your rights to data portability and to object, can be found in the information on processing personal data provided in Section B of this data protection information. More detailed information on your rights relating to the processing of your personal data is provided below.

I. Right of access

As a data subject, you have a right of access under the conditions of Article 15 GDPR.

In particular, this means that you have the right to request confirmation from us as to whether we process personal data that concerns you. If this is the case then you also have the right to access this personal data and the information provided in Article 15(1) GDPR. This includes, for example, information on the purposes of processing, the categories of personal data processed and the recipients or categories of recipients to whom the personal data has been or is to be disclosed (Article 15(1)(a), (b) and (c) GDPR).

The full scope of your right of access can be obtained from Article 15 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have a right to rectification under the conditions of Article 16 GDPR.

In particular, this means that you have the right to request that we immediately rectify incorrect personal data that concerns you and complete personal data that is incomplete.

The full scope of your right to rectification can be obtained from Article 16 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (‘right to be forgotten’)

As a data subject, you have a right to erasure (‘right to be forgotten’) under the conditions of Article 17 GDPR.

This means that you have the basic right to request that we immediately erase personal data that concerns you and that we are obliged to erase personal data immediately if one of the grounds set forth in Article 17(1) GDPR applies. This may be the case, for example, when personal data is no longer required for the purposes for which it was collected or otherwise processed (Article 17(1)(a) GDPR).

If we have made personal data public and are obliged to erase it then, taking into account the available technology and implementation costs, we are also obliged to take appropriate measures, including technical ones, to inform other data controllers who are processing the personal data that a data subject has requested them to erase all links to this personal data, or copies or replications thereof (Article 17 (2) GDPR).

By way of an exception, the right to erasure (‘right to be forgotten’) does not apply if processing is necessary for one of the reasons set forth in Article 17(3) GDPR. This may be the case, for example, if processing is required to fulfil a legal obligation or to assert, exercise or defend legal claims (Article 17 (3)(a) and (e) GDPR).

The full scope of your right to erasure can be found in Article 17 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to restriction of processing

As a data subject, you have a right to restrict processing under the conditions of Article 18 GDPR.

This means that you have the right to request that we restrict processing if one of the requirements set forth in Article 18(1) GDPR applies. This may be the case, for example, if you dispute the accuracy of the personal data. The restriction of processing applies in this case for the length of time required for us to check the accuracy of the personal data (Article 18(1)(a) GDPR).

Restriction means identifying the stored personal data with the aim of limiting its processing in the future (Article 4(3) GDPR).

The full scope of your right to restriction of processing can be found in Article 18 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions of Article 20 GDPR.

This means that, in principle, you have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly-used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us, where the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) and the processing is carried out using automated processes (Article 20(1) GDPR).

Information as to whether processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR can be found in the information on the legal basis for processing in Section B of this data protection information.

In exercising your right to data portability, you also have, in principle, the right to have the personal data transmitted directly by us to another controller, where technically feasible (Article 20(2) GDPR).

The full scope of your right to data portability can be found in Article 20 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the conditions of Article 21 GDPR.

We will expressly inform you of your right to object as a data subject no later than at the time of our first communication with you. More detailed information is provided below.

1. Right to object for reasons stemming from the particular situation of the data subject

As a data subject, you have the right at any time, for reasons stemming from your particular situation, to raise an objection against your personal data being processed based on Article 6(1)(e) or (f) GDPR; this also applies to profiling underpinned by these provisions.

Information as to whether processing is carried out pursuant to Article 6(1)(e) or (f) GDPR can be found in the information on the legal basis for processing in Section B of this data protection information.

In the event of an objection for reasons stemming from your particular situation, we will refrain from processing the personal data concerned unless we are able to provide compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or unless the processing services to assert, exercise or defend legal claims.

The full scope of your right to object can be found in Article 21 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct advertising

If personal data is processed in order to promote direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of this kind of advertising; this also applies to profiling if it is connected to this kind of direct advertising.

Information as to whether and to what extent personal data is processed to promote direct advertising can be found in the information on the legal basis for processing in Section B of this data protection information.

If an objection is raised against processing for the purposes of direct advertising, we will refrain from processing the relevant personal data for these purposes.

The full scope of your right to object can be found in Article 21 GDPR, which you can access via the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent

If processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, you have the right as a data subject pursuant to Article 7(3) GDPR to withdraw your consent at any time. The withdrawal of consent does not affect the legitimacy of any processing carried out on the basis of consent prior to this withdrawal. We will inform you of this before consent is given.

Information as to whether processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR can be found in the information on the legal basis for processing in Section B of this data protection information.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions of Article 77 GDPR.

H. Information on the definitions used in this data protection information

The definitions used in this data protection information generally have the meanings established in the General Data Protection Regulation. We also use further definitions which are explained below together with the most important definitions in the General Data Protection Regulation:

  • ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • ‘Special categories of personal data’ means data which indicates racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership as well as genetic and biometric data which allows for the clear identification of a natural person, health data or data concerning the sex life or sexual orientation of a natural person.
  • ‘Data subject’ means the identified or identifiable natural person to whom the personal data relates.
  • ‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • ‘Third country’ means a country which is not a member state of the European Union (‘EU’) or the European Economic Area („EEA“).
  • ‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law are not considered recipients; the processing of that data by those public authorities is carried out in carried out in compliance with the applicable data protection regulations according to the purposes of the processing.
  • ‘Device data’ means data which is assigned to your device by means of the web analysis tool. This includes a unique ID used to (re-)identify returning visitors.
  • ‘HTTP data’ means protocol data that is technically generated when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your Internet browser, the operating system that you are using, the pages that you access, the pages that you have previously visited (referrer URL) and the date and time of access.
  • ‘Communication data’ means data that we process in connection with your customer service enquiry, in particular your contact details and the messages we exchange.
  • ‘Opt-in data’ means the data that you provide to manage the cookie consents for this website and data that will be assigned to your device when you use the function to manage cookie consents. This includes, for example, your consent and possibly your individual selection of the cookies used on your device.
  • ‘Personal data’ or ‘Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • ‘Profile data’ means data that is generated by the web analysis tool and stored in pseudonymised user profiles. This includes information on the use of the website, in particular the pages accessed, access frequency and the length of time spent on the pages, based on the allocation of the unique ID contained in the visitor's device.
  • ‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for their nomination may be provided for by EU or Member State law.
  • ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
  • ‘Web analysis HTTP data’ means data that is technically generated when using the web analysis tool used on our website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your Internet browser, the operating system that you are using, the pages that you access, the pages that you have previously visited (referrer URL) and the date and time of access.

I. Status and amendment of this data protection information

This version of this data protection information is: 4 December 2021.

We regularly update this data protection declaration based on technical developments and/or changes to statutory and/or official guidelines.