Privacy Policy

Download Document

Last updated on September, 2022

Welcome to Bonnet Ltd’s privacy policy!

Your privacy is important to us. It is Bonnet Ltd's policy to respect your privacy regarding any information about you we may collect, use or otherwise process via our app, website or throughout any other interaction you have with us (for example, by getting in touch with us to obtain more information about our services or give us feedback). 

Bonnet’s services are not intended for children and we do not knowingly collect data relating to children.

1. Important information and who we are

We are Bonnet Ltd (collectively referred to as we, our, us in this policy) and we are the “data controller” for the purpose of data protection legislation. We are responsible for your personal information and, by law, we are required to provide you with information about us, about how and why we use and process your data and the legal rights you have as data subject.

So, if you’re looking for more information on how we keep your information safe and how we collect, store, use and share your personal data, this is the right place for you!

We are not required by law to appoint a data protection officer (DPO), so any questions about this policy or our privacy practices, including any requests to exercise “your legal rights”, shall be addressed to us via e-mail at contact@joinbonnet.com

2. Information we collect 

LOG DATA 

When you access our servers via Bonnet, we may automatically log the standard usage data provided by your device. This data may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details. 

Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information that may have contributed to the problem. 

DEVICE DATA

Our app may also access and collect data via your device's in-built tools, such as: 

• Your identity
• Location data
• Camera (for allowing our app to scan the respective QR code of the charging station you are using)
• Contacts
• Phone/SMS
• Storage, photos and/or media
• Notifications
• Background data refresh
• Mobile data
• Device/app history
• Data stored via Apple Pay

What we collect can depend on the individual settings of your device and the permissions you grant when you install and use the app. 

PERSONAL INFORMATION

We may ask for personal information, such as your:

• Name
• Email
• Social media profiles
• Date of birth
• Phone/mobile number
• Home/Mailing address
• Work address
• Payment information
• Payment information via Apple Pay

BUSINESS DATA

Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services. 

THIRD PARTY DATA

We may also collect data about you from third parties such as:

• analytics providers (such as Google); and
• commercial subscribers (e.g. your organisation) in case you are a person using the services in relation to your employment or consultancy engagement for commercial purpose.

AGGREGATED DATA

We may also collect or create Aggregated Data about you such as statistical or demographic data for any purpose. Such Aggregated Data could be derived from your personal information but is not considered personal data in law as this data will not directly or indirectly reveal your identity. This data is used for industry and market analysis, demographic profiling, marketing and other business purposes. For example, we may generate aggregated data about the number of users using specific EV charging stations and share that data in anonymous format with Charging Point Operators and/or other partners. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information, which will be used in accordance with this Policy.

3. Legal bases for processing

We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so. 

These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where: 

• it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us); 
• it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests; 
• you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or 
• we need to process your data to comply with a legal obligation. 

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). 

4. Collection and use of information

We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes: 

• for technical assessment, including to operate and improve our app, associated applications and associated social media platforms; 
• to provide you with our app and platform's core features; 
• to process any transactional or ongoing payments; 
• to enable you to access and use our app, associated platforms and associated social media channels; 
• to contact and communicate with you; 
• for internal record keeping and administrative purposes; 
• for analytics, market research and business development, including to operate and improve our app, associated applications and associated social media platforms; 
• to run competitions and/or offer additional benefits to you; 
• or advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you; • to comply with our legal obligations and resolve any disputes that we may have; and 
• to consider your employment application. 

5. Disclosure of personal information to third parties

We may disclose personal information to:

• third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers (such as Amazon Web Services), ad networks, analytics (such as Google Analytics), app development platforms (such as Google Firebase), error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators (such as Stripe); 
• the organisation that has hired you as an employee or consultant, if you use our services for commercial purposes. This includes information about the charging points you have used, the volume of electricity you have consumed, the frequency of your charging sessions, among others, which may be disclosed either at aggregated or individual level at Bonnet’s sole discretion. Generally such information is used by commercial subscribers (in this case, your organisation) for business purpose such as assessing and monitoring how employees are using Bonnet’s services (fe.g. are employees or consultants using the best route, are they being efficient in their driving, etc).
• our employees, contractors and/or related entities (on a “need to know” basis); 
• sponsors or promoters of any competition we run; 
• credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you; 
• courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
• third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you (this includes charge point operators).

7. Data Retention and Security

We don’t keep personal information for longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person. 

8. Your rights and controlling your personal information 

CHOICE AND CONSENT:

By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our app or the products and/or services offered on or through it. 

ACCESS (commonly known as a "data subject access request")

You may request details or a copy of the personal information that we hold about you.  Where possible, we will provide this information in CSV format or other easily readable machine format.

RESTRICT:

You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our app or products and services. 

ERASURE:

You may request that we erase the personal information we hold about you at any time where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

DATA PORTABILITY:  

You may also request that we transfer this personal information to another third party. In this case, we will transfer your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

CORRECTION:  

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date. 

WITHDRAW CONSENT AT ANY TIME:

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). 

No fee usually required:

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you:

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond:

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

COMPLAINTS:

If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

MARKETING:

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. 

Direct marketing from us:

We may send you marketing communications from time to time about our new products and offers, provided that we obtain your consent to do so.If you have already purchased goods or services from us, we may send you electronic marketing communications about products we feel may interest you (based on your prior experience with us) if you have not opted out from that marketing messages.

Third-party marketing:

We do not share your personal information with any third-party for marketing purpose and we will get your express opt-in consent if we decide at some point to do so. 

UNSUBSCRIBE:  

If you want to unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication. 

7. Cookies

Our privacy policy covers the use of cookies between your device and our servers.  

A cookie is a small piece of data that an app may store on your device, typically containing a unique identifier that allows the app servers to recognise your device when you use the app; information about your account, session and/or device; additional data that serves the purpose of the cookie, and any self-maintenance information about the cookie itself. 

We use cookies to give your device access to core features of our app, to track app usage and performance on your device, to tailor your experience of our app based on your preferences, and to serve advertising to your device. Any communication of cookie data between your device and our servers occurs within a secure environment. 

8. Business transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy. 

9. Limits of our policy

Our applications (including both app and website) may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices. 

10. Changes to this policy

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes by uploading a new version of this policy on the app and the website. We will send you an e-mail or post an update notice on our website so that you become aware of the updated version of this policy. Your continued use of our applications (including both app and website) after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information. 

If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.