Privacy Policy
PRIVACY STATEMENT
Respect for privacy is an important part of Mer’s corporate culture. This culture facilitates that customers, suppliers, and other stakeholders can have confidence that Mer processes their personal data in a proper manner. We work continuously to ensure compliance with applicable privacy laws, as well as our internal guidelines for the privacy and protection of personal data. This privacy statement explains how, why, and for how long Mer processes personal information about you.
WHO IS RESPONSIBLE FOR PROCESSING PERSONAL DATA
Mer Charging UK Limited (Mer UK – Public) and Mer Fleet Services Limited (Mer UK – Business Charging) are controllers and responsible for ensuring that personal data is processed in compliance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR), and national data protection laws. Mer UK – Public and Mer UK – Business Charging may be joint controllers together with one or more companies within Mer Group.
THE PERSONAL DATA WE PROCESS
We process personal data in order to operate efficiently and provide the necessary services to our customers. We process the following personal data:
- contact information
- user account information
- charging consumption and consumption pattern
- financial information: for example payment card number
- details of what rights you have on behalf of the company you represent
WHY DO WE PROCESS PERSONAL INFORMATION?
We process personal data to provide or procure products or services to or from you or your organisation.
This includes the following purposes:
- Security and availability of our services
- Improving our service and communication channels
- Direct marketing
- Customer service
- Communication and social media
- Audits, inspections and reviews
- Due diligence
- Purchasing and procurement
- Recruitment
HOW WE COLLECT PERSONAL DATA
We collect personal data from various sources. Below you will find some situations where we collect personal data.
Data you provide to us, for example when you:
- enter into contracts or agreements with us
- submit forms to us
- access our websites or use our social media platforms
- establish a customer or supplier account with us
- send us emails or contact us through other channels
Data collected from your activity, for example when you
- use our websites
- use our services app and/or portal
- order products or services from us
- location data once you have given consent
Data collected from third parties, for example from:
- public authorities
- credit institutions
- other publicly available information
STORAGE OF PERSONAL DATA
We store personal data for as long as is necessary to fulfil the purpose of the processing or to fulfil our legal obligations, e.g. accounting data will be retained as long as is required to meet legal obligations.
Your personal data is stored and deleted in accordance with applicable laws. This means that personal data about customers is deleted or anonymized when the customer no longer has a relationship with Mer to comply with such laws, for example customers using public chargers are considered as inactive customers 18 months since they last used Mer’s chargers. After this time, Mer will email to the customer informing them that their account will be deactivated and personal data deleted unless the account is reactivated. Unless reactivated, the personal data will be deleted three months after the reminder was sent.
WHO DO WE SHARE PERSONAL DATA WITH?
We share personal data with:
Suppliers
We use a number of suppliers who provide services within IT, cloud computing, etc. We allow such suppliers to access / receive your personal data to the extent that it is necessary to provide the services. We enter into data processor agreements with our suppliers in order to protect your personal data. To deliver our services, we may use data processors located outside the EU/EEA, which means your personal data may be transferred or accessed by such entities. To ensure compliance with applicable EU regulations, including GDPR, we rely on legal mechanisms such as adequacy decisions and standard contractual clauses (SCCs).
Public authorities
We will also disclose personal data where there is a legal requirement, i.e. where it follows from a judgment, ruling or decision of a court or administrative authorities, or as part of a legal process.
HOW WE SECURE YOUR PERSONAL DATA
We commit to protecting your personal data:
- We ensure that personal data is correct, accessible and protected according to the degree of sensitivity and risk
- We use a variety of security technologies and information security procedures to protect your personal data from unauthorised access, use or disclosure.
- We restrict access to your personal information to the staff or third parties who process the information on Mer’s behalf. These parties are subject to strict confidentiality requirements and Mer may take disciplinary action or terminate the agreement if these requirements are not complied with.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Mer processes personal data only if, and to that extent, at least one of the following situations applies:
- Consent: the data subject has consented to the processing of their personal data for specific reasons, e.g. user surveys or direct marketing
- Contractual Necessity: processing is necessary for the performance of a contract with the data subject, or to take steps prior to entering into a contract, e.g. processing personal data to deliver charging services.
- Legal Obligation: processing is necessary to comply with statutory obligations, e.g. processing personal data for accounting purposes.
- Public Interest/Official Authority: processing is necessary for tasks carried out in the public interest or under official authority
- Legitimate Interests: processing is necessary for legitimate interests pursued by Mer or a third party, provided they do not override the rights and freedoms of the data subject, e.g. processing user logs to ensure the security and stability of digital solutions.
YOUR RIGHTS
You have the right to ask us, at any time, to:
- give you further details on how we process your personal information
- give you a copy of the data we process relating to you
- update/correct your personal data
- delete personal data that we no longer have a legal basis to process
- provide you with your personal data in a structured, well-known, and machine-readable format or transfer the information to another data controller
- stop specific processing of personal data that is based on a legitimate interest, except if our purpose of the processing does not outweigh the consideration of your data protection rights
- restrict how we use your personal data
- complain via the contact information set out below in this privacy statement or to the relevant judicial authority
CONTACT US
If you have any queries, questions, or complaints in connection with this privacy statement or our use of personal information you can contact us at [email protected]. You may also contact our Data Protection Officer via [email protected] .
If you believe that we process personal data in breach of the data protection legislation and your rights as a data subject, you also have the right to file a complaint to the local data protection authority, Information Commissioner’s Office using this contact form.
ABOUT THIS PRIVACY STATEMENT
This privacy statement is based on the transparency requirement of Regulation (EU) 2016/679 (General Data Protection Regulation). We will update this privacy statement when necessary. Changes will be published in this document.