Talk to us

Privacy Policy

on the use of our Mobile Payment Site

1) General information

In this data protection notice, we inform you about the processing of personal data in the context of the use of our Mobile Payment Site. We process personal data exclusively on the basis of the applicable legal provisions (GDPR1, DSG2, TKG 20033).

2) Name and contact details of the persons responsible and the data protection officer

Responsible for the processing of personal data is:

has·to·be gmbh
FN 399512 v (Landesgericht Salzburg)
Salzburger Straße 26
A-5550 Radstadt

E-mail: datenschutz@has-to-be.com

If you have any questions about the processing of personal data in connection with the use of our Mobile Payment Site or about exercising your rights under GDPR, you can contact either us directly or our data protection officer, Dr. Katharina Vera Boesche, lawyer, c/o has·to·be gmbh, datenschutz@has-to-be.com.

3) No obligation to provide personal data

There is no obligation for you to actually provide the personal data we ask you to provide on our Mobile Payment Site. However, we are obliged under Directive 2011/83/EU4 (Directive on Consumer Rights) to provide you with certain information relating to the contract to be concluded with you before and after the conclusion of the contract. If you do not provide us with the personal data we ask you to provide on the Mobile Payment Site, we will not be able to fulfil our obligations under the Directive on Consumer Rights and are therefore not allowed to enter into a contract with you. Without providing the personal data for which we are asking you on the Mobile Payment Site, you will therefore not be able to carry out a Charging Process at a Charging Station operated with be.ENERGISED.

4) Categories of personal data processed

(1) Accessing the Mobile Payment Site
When you access our Mobile Payment Site in your browser, we process the following personal data:

  • IP address,
  • date and time of accessing our Mobile Payment Site or individual pages on the Mobile Payment Site,
  • Internet Service Provider (ISP),
  • operating system,
  • name and version of the browser,
  • website from which you accessed our Mobile Payment Site (“referrer URL"),
  • clickstream data.

(2) Contact via forms, email, or telephone
If you contact us via contact forms provided for this purpose on our Mobile Payment Site, by email, or telephone, the personal data provided by you, such as name, address, email address, telephone number, etc., will be processed by us.

(3) Payment data
When conducting the payment transaction, we process the following personal data:

  • details of the payment medium used,
  • details of the holder of the payment medium,
  • details of the payment amount,
  • other information in connection with online payment transactions.

(4) Use of cookies
Our Mobile Payment Site uses so-called cookies. These are small text files that are transmitted from our Mobile Payment Site to your browser and stored on your end device until you delete them. Cookies may contain personal data. All cookies on our Mobile Payment Site are technically necessary to ensure the functionality of the Mobile Payment Site.

5) Purposes of processing

The personal data mentioned in point 4) of this Privacy Policy are processed for the following purposes:

  • operation of the Mobile Payment Site including the detection and investigation of possible attacks on the Mobile Payment Site,
  • carrying out Charging Processes including the conducting of cashless payment and electronic billing as well as the conclusion of the associated contracts,
  • responding to enquiries about Charging Processes or invoices for Charging Processes,
  • providing support in connection with the performance of Charging Processes (support).

6) Legal basis for the processing

The personal data mentioned in point 4) sub-point (1) and (4) of this Privacy Policy are processed due to our legitimate interest in the secure and functioning operation of our Mobile Payment Site (Article 6 para. 1 lit. f GDPR).
The personal data mentioned in point 4) sub-point (2) and (3) of this Privacy Policy are processed for the performance of the contract or for the implementation of pre-contractual measures. Without the processing of personal data, we cannot initiate or conclude a contract and the associated payment process with you (Article 6 para. 1 lit. b GDPR).

7) Categories of recipients

For the purposes stated in point 5), we transmit your personal data to the IT service providers we use, in particular to the following recipients:

Name and address

Area of activity

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, 1885 Luxemburg, Luxemburg

Operation of cloud services

The Rocket Science Group LLC
675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA

Email Services

Payoneer Germany GmbH
Ganghoferstraße 39, 80339 München, Deutschland

Connection to payment services

SIX Payment Services (Europe) S.A., Austrian Branch
Marxergasse 1B, A-1030 Wien

Conduction of payment processes

Some of the above-mentioned recipients have their headquarters or connections in countries outside the European Union or the Agreement on the European Economic Area (third countries). The level of data protection in third countries may not correspond to that of the European Union.
However, we only transfer personal data to recipients with headquarters or connections in such third countries for which the European Commission has decided that they have an adequate level of data protection or we take additional measures to ensure an adequate level of data protection.
We enter into personal data protection agreements with all of the above recipients. With recipients in the US, we additionally conclude the Standard Contract Clauses (SCC)5 published by the European Commission. Detailed information on this is available on request at datenschutz@has-to-be.com.

8) Duration of the storage of personal data

Personal data will only be stored by us for as long as is absolutely necessary to achieve the purposes stated in point 5) and as this is permissible under applicable law, in particular for as long as statutory retention obligations exist or the limitation periods for potential legal claims have not yet expired.

9) Data subject rights

According to the GDPR, you have the following rights:

  • You have the right to obtain information about whether and which personal data we process about you and to whom we transfer it.
  • You have the right to request the rectification, restriction of processing or erasure of your personal data processed by us if you consider that they are inaccurate or incomplete or are being processed in part or in whole unlawfully.
  • You have the right to object to the processing of your personal data processed by us on the legal basis of legitimate interest if you consider that your interests override ours.
  • You have the right to receive personal data provided by you in a structured, commonly used and machine-readable format and to obtain its transfer to a third party designated by you.
  • You have the right to revoke any consent you have given for the processing of personal data at any time with effect for the future. However, this does not affect the lawfulness of the data processing carried out on the basis of your consent until revocation.
  • You have the right to lodge a complaint with the competent data protection authority.
    Should you wish to exercise any of the above-mentioned rights, please contact us or our data protection officer.

10) Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time due to a changing factual or legal situation. The current version can be found on our Mobile Payment Site at any time.

Foot notes

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  2. Bundesgesetz zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten, BGBl I Nr 165/1999 in the version BGBl I Nr 14/2019 (Datenschutzgesetz – DSG).
  3. Bundesgesetz, mit dem ein Telekommunikationsgesetz erlassen wird, BGBl I Nr 70/2003 in the version BGBl I Nr 90/2020 (Telekommunikationsgesetz 2003 – TKG 2003).
  4. Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on Consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council (‘Directive on Consumer rights’).
  5. Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.