DAZE APP – PRIVACY & COOKIE POLICY
This privacy & cookie policy (hereinafter, the “Policy”) illustrates the treatments carried out by Daze Technology S.r.l., based in Via Orio 18, 24146 Bergamo (BG), Tax Code and VAT Number 04167800160 (hereinafter, “Daze” or the “Data Controller”) through its mobile app called “Daze App” (hereinafter, the “App”), pursuant to Articles 13 and 14 of Regulation (EU) No. 2016/679 (hereinafter, the “GDPR”).
For details of the Cookies used on the App, please refer to paragraph 7 below.
1. DATA CONTROLLER
The Data Controller is Daze, reachable at the email address: info@dazetechnology.com.
2. PERSONAL DATA PROCESSED
Through the App, the Owner processes the following categories of personal data:
• information related to the device: by installing the App through the store (i.e. App Store, Play Store) on your mobile device (hereinafter, the “Device”), you authorize Daze to acquire certain data – both personal and non-personal – related to the Device itself, the processing of which is necessary to ensure the successful installation (e.g. Device model, operating system version, screen resolution, type of connection, language, etc.). Since these are information whose processing is essential for the technical operations of installing the App on your Device, the only way you can oppose this processing is to uninstall the App;
• information necessary for account creation: to fully enjoy the functionalities offered by the App – such as, for example, the interconnection with the wallbox, it is necessary to register by creating a personal account (hereinafter, the “Account”), providing your first name, last name, and email address. In addition, you may, at your discretion, choose to provide us with additional data to complete your Account with additional information, such as your residence address and phone number;
• information related to your Daze Wallbox: through the App, you have the possibility to connect to the Daze wallbox (hereinafter, the “Wallbox”) you purchased to manage it better. In this context, in order to link the App to the Wallbox, you will be asked to enter its serial code and PUK code, and to assign it a name;
• information related to the electrical installation: once you have connected the Wallbox to the App, we may acquire some information related to the electrical installation to which the Wallbox is connected, such as the type of system (e.g. single-phase/three-phase), the power of the meter, participation in the “Experiment aimed at facilitating the charging of electric vehicles during night and holiday hours” by Arera, the presence of a photovoltaic system, the readiness for variable energy supply;
• information related to Wallbox charging sessions: through the App, you will have the opportunity to view information related to the charging sessions of the Wallbox, such as start and end times of charging and amount of energy delivered, including, depending on the case, the charges made by other users;
• third-party data: if you decide to provide us with personal data of your family members and/or third parties, it is your responsibility to ensure that they have been informed in advance and adequately about the methods and purposes of processing indicated here, and that the processing of such data is based on one of the legal bases referred to in the GDPR. In fact, regarding this processing, you act as an independent data controller, assuming all legal obligations and responsibilities, and expressly indemnifying Daze from any claims, disputes, or demands that may be made against Daze by third parties whose personal data have been processed through the App under your responsibility. Likewise, if you have created an Administrator Account for managing one or more Wallboxes shared with different users, we inform you right now that, with respect to the processing of the personal data of such additional users that you carry out, you act as an independent data controller, assuming all legal obligations and responsibilities and expressly indemnifying Daze from any claims, disputes, or demands that may be made against Daze by third parties whose personal data have been processed through the App under your responsibility.
3. PURPOSE OF PROCESSING
Daze collects and processes the aforementioned personal data for the following purposes:
Account registration: the data collected during the account registration is processed solely to allow you to fully enjoy the services and features offered by Daze through the App and to properly manage the Account;
management of the Wallbox: we process the data collected from the Wallbox to allow you to manage it effectively and to view information related to charging sessions;
fulfillment of legal obligations: we may need to process your personal data in order to comply with legal obligations to which we are subject;
technical management of the App: we may need to process your personal data in order to ensure the correct technical management of the App;
direct marketing: we process your personal data, with your free, specific, and informed consent, to send you, including via newsletters, emails, SMS, and MMS, information and updates about our commercial initiatives, events, initiatives, or our partnerships, as well as to conduct market research and user satisfaction surveys;
third-party marketing: with your free, specific, and informed consent, we may share your personal data with Daze's commercial partners operating in the following sectors: energy, so that they can process your data for their own marketing purposes, to send you newsletters and/or updates regarding commercial initiatives, events, and further initiatives promoted by the partner itself;
assessment, exercise, or defense of our rights: where necessary, we will process your personal data in order to ascertain, exercise, or defend our rights in court or whenever jurisdictional authorities exercise their functions;
communication of data to third parties in the context of extraordinary operations: we may process your personal data in the context of extraordinary operations such as mergers, acquisitions, demergers, transfers of business branches, etc., as necessary to allow us to complete the operation and to communicate your personal data to the involved third party/ies.
4. LEGAL BASIS AND NATURE OF DATA TRANSFER
The processing carried out for the purposes referred to in par. 3.1. and 3.2. finds its legal basis in art. 6(1)(b) of the GDPR, that is, in the performance of contracts or pre-contractual measures to which the data subject is a party).
The above-mentioned processing – without prejudice to the provision of the additional information referred to in par. 2 – information necessary for the creation of the Account – is necessary to allow you to register your Account and to benefit from the management features of the Wallbox; therefore, in case of failure to provide your data for the aforementioned purposes, you will not be able to fully enjoy the services offered by Daze through the App.
The processing carried out for the purpose referred to in par. 3.3. finds its legal basis in art. 6(1)(c) of the GDPR (compliance with legal obligations to which the Data Controller is subject).
The data processed for the purposes referred to in par. 3.4., 3.75. and 3.86. are processed in pursuit of a legitimate interest of the Data Controller, i.e. based on art. 6(1)(f) of the GDPR. The legitimate interests pursued as indicated above are balanced against your interests, rights and fundamental freedoms and, in any case, provided that the legal conditions are met, you may object to such processing in the manner indicated in this notice. In case of opposition, we may continue to carry out the processing in question only in the presence of overriding legitimate reasons.
With reference to the purposes referred to in par. 3.5. and 3.6., the related processing will be carried out exclusively upon the release of consent by the data subject, pursuant to art. 6 (1) (a) of the GDPR. This consent may be revoked at any time without affecting the legality of the processing carried out until the date of revocation of the same.
5. DATA RETENTION PERIOD
The data processed for the purposes referred to in par. 3.1. and 3.2. will be retained until the deletion of the Account and, subsequently, where strictly necessary, for the applicable statute of limitations pursuant to Article 2947 paragraphs 1 and 3 of the Civil Code.
Subject to what is indicated below and what is provided for in Article 8 regarding the retention of data following the deletion of the Account, if you decide to delete your Account, your data will be retained for a period not exceeding 3 months for exclusively administrative purposes, without prejudice to further retention periods determined based on the necessity to protect our legitimate interests (e.g., in the event of managing complaints and/or disputes judicially and/or extrajudicially) and/or provided for by specific legal norms.
The data processed for the purpose referred to in par. 3.3. will be retained for the strictly necessary period to allow Daze to comply with the legal obligations it is subject to and, in any case, for a maximum period of 10 years.
With reference to the technical management activities of the App referred to in par. 3.4., we inform you that your data will be processed for the strictly necessary period to pursue this purpose and, in any case, for no more than 12 months.
The data processed for the purposes referred to in par. 3.5. and 3.6. will be retained until the date of withdrawal of consent by the data subject. It is specified that the Data Controller will periodically verify the ongoing interest of the data subject in receiving newsletters and further commercial communications.
Regarding the purpose referred to in par. 3.7, we inform you that your data will be processed for the applicable statute of limitations pursuant to Article 2947 paragraphs 1 and 3 of the Civil Code.
In the context of extraordinary operations referred to in par. 3.86., finally, your data will be processed for the strictly necessary period to complete the operation(s).
6. CATEGORIES OF DATA RECIPIENTS
For the pursuit of the aforementioned purposes, your personal data may be shared with:
• employees/collaborators of Daze authorized to/assigned to process personal data;
• IT suppliers;
• commercial partners of Daze;
• persons or companies that offer promotion, commercial solicitation, and advertising services;
• external consultants and professional firms;
• insurance companies, banks, and credit institutions;
• authorities to whom the communication of your personal data is mandatory by law;
• counterparts and third parties in the context of extraordinary operations.
Daze, where necessary, has entered into specific agreements with the parties mentioned above governing the processing of personal data carried out by them.
Your personal data may be transferred outside the European Economic Area in full compliance with Articles 44 et seq. of the GDPR.
7. COOKIE
7.1. Definitions, characteristics, and application of the regulation
Cookies are small text files that websites or mobile applications you visit store on your devices to be retransmitted to the same websites/apps upon your next visit. In fact, it is the cookies that allow the websites and applications you use to remember your actions and preferences related to e.g. language, login data, display settings, etc., enabling you not to have to reset them on your next visit or when you navigate to another page of the same site/app. Cookies, therefore, are used to perform computer authentications, session tracking, and storing information regarding the activities of users accessing a site or app, and may also contain a unique identifier code that allows tracking the user's navigation within the site itself or app for statistical or advertising purposes. During navigation on a site/app, you may also receive on your computer or mobile device cookies from sites or web servers different from the one you are visiting (so-called "third-party" cookies). These third parties have their own personal data processing policies and privacy notices, which can be consulted directly from their respective sites; therefore, you should refer directly to these.
There are various types of cookies, depending on their characteristics and functions, which may remain on your PC, smartphone, tablet, etc. for different periods: so-called "session cookies," which are automatically deleted when the browser is closed; or so-called "persistent cookies," which are stored on the user's device until a predetermined expiration date.
According to current legislation in Italy, the use of cookies does not always require explicit consent from the user. In particular, consent is not required for the installation of "technical cookies," which are those used solely for the purpose of "effecting the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the contractor or user to deliver such a service" (art. 122, c. 1, D.Lgs. 196/2003, i.e. the "Privacy Code"). In other words, these are cookies essential for the operation of websites or necessary to carry out activities requested by the user.
Among the technical cookies that do not require explicit consent for their use, the Data Protection Authority includes (see the Resolution "Identification of simplified procedures for information and acquisition of consent for the use of cookies – May 8, 2014 [doc. web n. 3118884]" and subsequent amendments and updates, and the "Cookie and Other Tracking Tools Guidelines – June 10, 2021 [doc. web n. 9677876]" ):
• technical cookies for processing statistics, where used directly by the site or app manager to collect information, in aggregate form, about the number of users and how they visit the site/app;
• navigation or session cookies (for authentication);
• functionality cookies, which allow the user to navigate based on a series of selected criteria (e.g., language, products selected for purchase) in order to improve the service rendered to the same.
All other cookies (i.e., those that are not technical) and, in particular, those for personalization of content (i.e., those aimed at creating profiles relating to the user and used for sending advertising messages in line with the preferences expressed by the same in the course of web navigation), instead, can only be used subject to acquiring the informed consent of the user.
Similar functions to those reported above can also be performed by other tracking tools such as SDKs, pixels, beacons, etc., that, while using different technologies (so-called "passive identifiers," in contrast to the active ones recalled above), allow for processing similar to that carried out through cookies. For simplicity, in this Cookie Policy, we will generally refer to "cookies," which must be understood as both cookies in the strict sense and other tracking tools.
7.2. Types of cookies used by the App: strictly necessary cookies
The App exclusively uses so-called technical cookies, which are necessary for the operation of the App and cannot be deselected. They are usually set only in response to actions you have taken that constitute a service request, such as setting privacy preferences or logging in. These cookies do not store personal information.
Cookie Platform Description Duration
TOKEN iOS, Android Authentication token for the Identity Server with the purpose of allowing automatic login Session
8. YOUR RIGHTS UNDER THE GDPR
In the presence of conditions provided for by law, you will be able to exercise the rights granted to you by the applicable regulations at any time.
In particular, you have the right to request access to your personal data, their rectification and/or deletion, to object to their processing and, where applicable, to request not to be subject to a decision based solely on automated processing, including profiling. Additionally, in cases provided for by art. 18 of the GDPR, you have the right to request the restriction of processing and, in cases provided for by art. 20 of the GDPR, to obtain personal data concerning you in a structured, commonly used and machine-readable format.
Furthermore, if you believe that the processing of your personal data is contrary to the regulations in force, you always have the right to lodge a complaint with the Data Protection Authority pursuant to art. 77 of the GDPR.
To exercise your rights or obtain more information regarding processing carried out by the Data Controller, you can send a request to the e-mail address info@dazetechnology.com.
Verification and management of your data
To facilitate the exercise of your rights, the App allows you to modify some of your data, including any additional data you may have provided.
Account Deletion:
You can delete your Account:
1. directly from the App, through the “Profile” section; or
2. by sending an e-mail to the address info@dazetechnology.com with the subject “App Account Deletion”.
Once the deletion request is received, we will promptly deactivate your Account and, within 3 months from receipt, delete all personal data present in our records related to your Account, as well as forward the relevant request to third parties who process your personal data on our behalf.
9. UPDATE OF THE PRIVACY & COOKIE POLICY
This Policy was published on 14/03/2023 and may be modified in the future, e.g., in light of the potential introduction of new regulations, the update or provision of new services, or the adoption of new technologies. We will inform you of such changes as soon as they are introduced, and they will be binding as soon as published. We encourage you to regularly visit the section of the App dedicated to the Policy to stay updated on the data we collect and how we use it.