Zap-Map Privacy Policy

Thanks for visiting Zap-Map’s Privacy Policy which has been updated to reflect changes in data privacy laws, specifically the General Data Protection Regulation (GDPR) in the European Union which takes effect on 25 May 2018.

The updated policy includes details about your personal data rights, and your ability to manage any personal information you share across Zap-Map. Please also refer to our Terms and Conditions, Cookie Policy and Data Licensing terms.

In this policy, ‘Zap-Map Sites and Services’, also referred to as ‘Zap-Map’ and ‘Sites and Services’, refers to the following websites, mobile applications and data services operated by Next Green Car Ltd: ‘Zap-Map Websites’, also referred to as the ‘Websites’, [URL: http://www.zap-map.com], and ‘Zap-Map Applications’, also referred to as the ‘Applications’, [iOS/Android apps and related applications]. The use of terms ‘we’ and ‘our’ refer to Zap-Map Sites and Services, and ‘users’ refers to contributors and users of the information published on any of the Sites and Services.

1. WHAT INFORMATION WE COLLECT

Whether you use Zap-Map as a registered or non-registered user each time you visit or use our Sites and Services, we may automatically collect the following data, some of which can be considered personal information:

  • Information about your activity on and interaction with Zap-Map, including your device’s IP address, the type of device and browser you use, high-level location including the country from which you are accessing the Sites and Services;
  • Information about your actions on the Sites and Services in the form of traffic analytics. You can opt out of being included in Google Analytics by using Google Analytics Opt-out Browser Add-on.
  • Information from previous visits using a ‘cookie’, which are used by websites used to differentiate one device from another and to pass information from page to page during a single user’s website session. See our Cookie Policy.

Registered users also have access to additional Sites and Services features. To create an account on Zap-Map, we need to collect and process some personal information. You may decline to provide us with your information; however, this will limit your ability to register for an account and use some of our Sites and Services.

We may ask for this information if you register as a user of our Sites and Services, subscribe to our newsletters, upload or submit content through Zap-Map, or if you contact us. Depending on your use of Zap-Map, information required for registration may include:

  • Your name, email and postal address, country of residence, login username, display name or nickname and password details;
  • Vehicle make(s) and model(s) information and the postcode of where your vehicle is usually based. This information enables us to only show the charge devices which can be used by these vehicles;
  • If submitting your home and/or workplace charger for inclusion on Zap-Map, the full postal address of where your charger is located, contact email, contact telephone number, charger time availability, use of cables, access to the property, optional payment fee and optional PayPal.Me account name in order that you can receive payments from other registered users.

Other information which we may collect depending on your device settings and contact preferences includes:

  • Your contact preferences, so that we know for what reasons we may contact you (e.g. Zap-Map newsletter, Zap-Map product updates, Zap-Map surveys, Zap-Map promotions, and third-party communications) as well as your preferred contact methods (e.g. email, telephone, post, text);
  • Information that you submit on or to Zap-Map Sites and Services in the form of Zap-Chats (posts on Zap-Map), general comments, contributions to discussions, and/or messages to other users. Please note that our Terms and Conditions prohibit the sharing of personal information within all user comments and contributions (including Zap-Chat);
  • Communications you send directly to us (for example, when you ask for support, send us questions or comments, or report an issue);
  • Your current location for certain location-enabled services. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent for us to access your location at any time through your device settings;
  • Your notification and device storage (caching) preferences, which you can change at any time through your device settings.

2. HOW WE USE YOUR PERSONAL INFORMATION

For all users of Zap-Map Sites and Services, we use the information automatically collected for the following purposes:

  • To enable us to provide you with Zap-Map Sites and Services, and to continually improve Zap-Map to ensure that the content is presented in the most effective manner for you and your device;
  • To track and analyze use of the Sites and Services so that we can improve how Zap-Map is performing and provide users with the best possible experience;
  • To allow you to participate in interactive features of our Sites and Services, when you choose to do so, in order that you receive the best possible information service from Zap-Map;
  • As part of our efforts to keep our Sites and Services safe and secure through pro-active site monitoring, and to administer Zap-Map for troubleshooting, data analysis, and testing purposes.

If you have registered an account to access additional features on Zap-Map Sites and Services, we use the personal information you have provided for the following purposes:

  • To provide you access to personalised areas of Zap-Map Sites and Services such as EV model filters, user filters, favourites and route plans, and to create and administer your account;
  • To enable you to post Zap-Chat comments which can be read by other Zap-Map users across all Zap-Map Sites and Services;
  • To enable you to add a public charge point or suggest a charge point location that is not currently on Zap-Map;
  • To enable you to advertise your home charge point on Zap-Map for use by other Zap-Map registered users. If you choose this option, your charge point location, charge point name, charger type and number of connectors will be visible by all Zap-Map users. In addition, your full postal address, contact email, contact telephone number, charge time availability, use of cables, access to the property, optional payment fee and optional PayPal.Me account name will be visible by all Zap-Map users who have a registered account.
  • To enable you to advertise a workplace charge point on Zap-Map for use by all Zap-Map users. If you choose this option, the charge point location, charge point name, charger type, number of connectors, full workplace postal address, contact email, contact telephone number, charge time availability, use of cables, access to the property, optional payment fee and optional PayPal.Me account name will be visible by all Zap-Map users.

Where you have provided other device setting and contact preference information, and where you have consented to such communications, we may use this information for the following purposes:

  • Provide you with Zap-Map product updates and notify you about changes to our Sites and Services;
  • Invite you to participate in Zap-Map surveys and relevant market research where you have consented to such communications;
  • Provide you with newsletters, promotions and other information about goods or services we think may interest you where you have consented to such communications;
  • To enhance the Sites and Services through the use of location-enabled smart tools and notifications. You can withdraw your consent for us to access your location at any time through your device settings;
  • Respond to your feedback, enquiries and complaints;
  • Carry out our obligations from any contracts you have entered into with us; or process job vacancy applications and CVs.

We will retain your personal information for as long as your account is active to provide you with access to our Sites and Services as set out in this Privacy Policy. We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Sites and Services, improve Zap-Map or comply with legal obligations.

For inactive users, we will retain and use your information solely for the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Zap-Map’s legal rights.

We may retain personal data of inactive accounts for a reasonable period to allow us to respond to any follow up enquiries or complaints. To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, and the potential risk of harm from unauthorised use or disclosure of your personal data. In the majority of cases this period is less than 24 months.

Where registered users subsequently withdraw their content and/or wish to remove all of their personal information from our Sites and Services, we will only continue to retain the registration details (including username and password) as part of a suppression list to ensure we comply with all ‘do not contact’ requests, to allow us to respond to any follow up enquiries or complaints, and to comply with our legal obligations, resolve disputes, enforce our agreements and protect Zap-Map’s legal rights.

3. HOW WE PROTECT YOUR PERSONAL DATA

We take security seriously, and the security of your personal data is important to us. We do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.

We follow industry-standard practices to protect the data we collect and maintain, including using Transport Layer Security (TLS) to encrypt information as it travels over the internet. In addition to encrypted transmission, your account information is protected by a password, which you should choose carefully and keep secure. All passwords are stored in ‘hash’ format which is a widely used method to protect sensitive information.

We have implemented other technical safeguards to protect personal information entering the public domain via user contributions submitted on or to Zap-Map in the form of Zap-Chats (posts on Zap-Map), general comments, contributions to discussions, and/or messages to other users. For example, all posts are moderated, and all Zap-Chat images and text are scanned before publishing and vehicle registration marks (VRMs) are removed wherever possible using automated visual processing.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. This in effect removes any personal information and any security risk associated with your data. We may use or store this information indefinitely without further notice to you.

However, as no method of electronic communication or storage is completely secure, we cannot guarantee its absolute security. Zap-Map therefore has a protocol in place in the event of a data breach. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so, and within the time limit specified by GDPR regulations.

As part of our data security procedures, we regularly employ penetration testers to review our database and server security measures. Should you become aware of a security vulnerability across any part of our Sites and Services, we encourage the responsible disclosure of vulnerabilities by emailing security@zap-map.com.

4. YOUR DATA PROTECTION RIGHTS

Under European GDPR legislation which takes effect from 25 May 2018, to process your data we must have a lawful basis to do so. GDPR permits six legal ways to process your personal data.

In the vast majority of cases, we process your personal data on the basis that:

  • You have given consent to the processing of your personal data for one or more specific purposes.

In a small number of cases, we may also process your personal data in cases where:

  • It is necessary for compliance with a legal obligation to which we are subject; it is necessary in order to protect your vital interests; it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
  • It is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

In cases where we must rely on legitimate interests rather than consent to process personal data, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.

Examples of legitimate interests include: reporting criminal acts and compliance with law enforcement agencies; internal and external audit for financial or regulatory compliance purposes; statutory reporting; maintenance of suppression lists; physical and network security; financial management and control; and general administration.

GDPR gives you the user of Zap-Map Sites and Services, a number of important right with which to control the use of your personal information. Zap-Map is happy to comply with these rights which are as follows:

  • Withdraw consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time;
  • Right to be informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used;
  • Right of access – You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. From 25 May 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity;
  • Right of erasure – From 25 May 2018, you have the right to be forgotten (i.e. to have your personal data deleted). Where this occurs, we will only retain your registration details on a suppression list to ensure that you are not contacted in the future. Should we be unable to comply with your request of erasure for legal reasons, we will notify you about this decision;
  • Right of rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data provided to us;
  • Right to restrict processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage;
  • Right to data portability – Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
  • Right to object – You have an absolute right to stop the processing of your personal data for direct marketing purposes. This right is implemented by amending your contact preferences;
  • Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object.

To submit a Subject Access Request, change consent, request erasure or rectification, restrict processing, to port data to another provider, and/or to object to automated decision making, please contact Zap-Map via email at privacy@zap-map.com, by phone on 0117 929 8855, or write to: Next Green Car Ltd & Zap-Map, Spike Island, 133 Cumberland Road, Bristol BS1 6UX. Mark your email or letter Privacy Information Request.

5. DATA SHARING WITH THIRD PARTIES

In order to facilitate your use of Zap-Map Sites and Services, we may share your personal data with trusted third parties to provide elements of our Sites and Services to you. In all such cases we will first confirm that each party is fully GDPR compliant and will request documentary evidence to this effect. Where required, we will also insist on a signed contract which includes a GDPR compliance clause.

In these cases, we will provide your personal data to third parties only when they need the data to perform particular functions in delivering our Sites and Services to you or as part of our regulatory compliance. These include:

  • Charge point networks who are our data partners and with whom we share Zap-Chats that relate to their charging units. The personal information shared is limited to the user display name only. In cases where we are unable to verify GDPR compliance, we will remove the user display name from the data shared;
  • Service providers acting as data processors on our behalf, located in the UK and/or EU who provide data hosting facilities, email services, IT and system administration services which support Zap-Map Sites and Services;
  • HM Revenue & Customs, regulators and other official authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request or to investigate potential data breaches.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes (other than those related to the delivery of Zap-Map Sites and Services) and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The data we collect from you may, on occasion, be processed at a destination outside the European Economic Area (EEA) by organisations engaged in the fulfilment of your request, order or reservation, and the provision of support services. Where this occurs, we will take steps reasonably necessary to ensure there is an adequate level of protection of your data and that your data is treated securely and in accordance with EU law and our Privacy Policy.

6. CHILDREN AND PERSONAL INFORMATION

As GDPR has additional safeguards for the protection of children’s personal data, Zap-Map does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account on any of the Zap-Map Sites or Services.

Under our Terms and Conditions, from 25 May 2018, children under 13 are only permitted to use Zap-Map as anonymous users and must not provide any personal information and must ensure that their devices are set to block the transmission of all personal data including the devices IP address and location information.

If you believe that a child has provided us with personal information, please contact us at privacy@zap-map.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we will immediately remove the data from our databases.

7. PRIVACY CONTACT INFORMATION

If you have any queries about this Privacy Policy, please contact us via email at privacy@zap-map.com, by phone on 0117 929 8855, or write to: Next Green Car Ltd & Zap-Map, Unit 66 Spike Island, 133 Cumberland Road, Bristol BS1 6UX. Mark your email or letter Privacy Information Request.

To submit a Subject Access Request, change consent, request erasure or rectification, restrict processing, to port data to another provider, and/or to object to automated decision making, please contact Zap-Map via email at privacy@zap-map.com, by phone on 0117 929 8855, or write to: Next Green Car Ltd & Zap-Map, Spike Island, 133 Cumberland Road, Bristol BS1 6UX. Mark your email or letter Privacy Information Request.

If, for any reason, you have a complaint, please contact Zap-Map in the first instance to discuss your concerns. If after having contacted Zap-Map and received a response you are still dissatisfied, you are able to contact the Information Commissioner’s Office (ICO) directly by phone on 0303 123 1113. For more information, visit the ICO website.

8. ABOUT THIS PRIVACY POLICY

By using the Zap-Map Site and Services, you’re acknowledging you have agreed to our Terms and Conditions and that you have read and understood this Privacy Policy and our Cookie Policy.

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of any of our Sites and Services.

This Privacy Policy only covers Zap-Map Sites and Services. Any other websites that may be linked to by the Zap-Map Sites and Services are subject to their own policy, which may differ from Zap-Map’s Privacy Policy.

Where you submit information to a third party through our site, any information that you provide will be subject to the Terms and Conditions and Privacy Policy of the third-party website and Zap-Map will bear no liability for any loss incurred or damage suffered by you as a result.

Policy last updated: May 2018

© COPYRIGHT NEXT GREEN CAR LTD 2018