Payment via POS
Information on the processing of personal data as part of the POS payment service for HPC recharging
This Information Notice - given pursuant to Articles 13 and 14 of EU Regulation 2016/679 ('
GDPR') - outlines how EWIVA S.r.l. may handle personal data.
1. Personal Data Controller
EWIVA S.r.l., with registered office in Via Privata Grosio 10/4 Milan VAT no. 16223171006 - certified email ewiva@pec.ewiva.com (hereinafter "
Ewiva" or the "
Data Controller").
2. Processing Subject and Modes
Ewiva will process information that, under the GDPR, represents your personal data ('
Personal Data'). In particular, in the event of a request to issue an invoice, the following will be required: Name, surname, date and place of birth; billing address, tax code or VAT number; SDI recipient code / certified email (PEC) address; e-mail address to which a copy of the electronic invoice should be sent in advance; indication of whether the invoice is a split payment invoice.
In the case of legal entities, Ewiva will also request the company name; registered office address; as well as the relevant administrative office reference to be included on the invoice.
During the payment session, the serial number of the charging station; date and time (approximate) of the session; last 4 digits of the payment card used and the amount of the transaction will be collected. Moreover, at some Charging Stations (depending on the
charger model used) if, at checkout, the issue of receipt or invoice is requested, the telephone user will be collected to send an SMS containing two links in order to download the receipt or access to the request form for the invoice. This last
link, therefore, will allow you to enter the data necessary for the issuance of the accounting document.
The personal data collected are processed in compliance with the principles of lawfulness, correctness and transparency, as set out in Art. 5 GDPR, also with the aid of computerised and digital tools designed to store and manage the data themselves, and, in all cases, in such a way as to guarantee their security and protect the data subject’s utmost confidentiality.
3. Scope and legal basis of processing
Ewiva will process your Personal Data for the fulfilment of specific purposes and in the presence of an appropriate legal basis provided by the applicable data protection law. Specifically:
Scope |
Legal basis |
Preparation, issuance and transmission of receipt and invoice |
Performance of contract |
Responding to a question or request made by the data subject in relation to the payment made |
Performance of contract |
Fulfilment of legal, regulatory or EU obligations |
Fulfilment of legal obligations |
Detection, prevention, mitigation and verification of fraudulent or illegal activities in relation to the services provided |
Fulfilment of legal obligations |
The provision of your Personal Data is necessary to achieve the purposes set out in the table above. Failure to do so will make it impossible for Ewiva to process your request.
4. Recipients of Personal Data
For the pursuit of the purposes set out in paragraph 3 of this Policy, Ewiva may need to communicate your Personal Data to third parties in Italy and/or within the European Union, such as, but not limited to:
- employees and collaborators of Ewiva, specifically appointed as Authorised Persons for processing;
- to third-party companies or other entities that perform certain activities in outsourcing on behalf of the Data Controller, in their capacity as data processors, as well as to their employees and collaborators specifically appointed as Data Processors for specific purposes such as, by way of example
- issuing invoices and related tax obligations;
- technical evaluations necessary to respond to the data subject's request;
- fulfilment of any further legal obligations including audits for the purpose of detecting, preventing, mitigating and verifying fraudulent or illegal activities in connection with the services provided.
5. Period of retention of Personal Data
Personal Data will be retained for the time necessary to process the payment (and consequent issuance of the invoice) and for 10 years thereafter in compliance with the obligation -
ex lege - to keep accounting records. After the aforementioned period, the information will be deleted, without prejudice to further retention thereof where necessary to comply with specific legal obligations, Authority orders, for the collection of outstanding debts and for the handling of disputes, complaints and court actions.
6. Data Protection Officer
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted by e-mail at
dpo@ewiva.com.
7. Rights of data subjects
In the cases provided for, you have the right to obtain from the Controller, access to your personal data; rectification; erasure, portability, objection or restriction of processing concerning said data (Art. 15 et seq. GDPR). Any such request or report should be forwarded to the DPO at the above address. Furthermore, should you consider that the processing has not been carried out in a manner that complies with the GDPR, you may lodge a complaint with the Personal Data Protection Authority via the procedures indicated on the relevant website.
8. Change to Information
This information may change over time. We therefore recommend that you check that the version you are referring to is the most up-to-date version possible, which will always be available on the Ewiva s.r.l. website.
Date last updated: March 2024