This notice relates to the processing of personal data provided to or necessarily disclosed to evDirect Ltd in connection with the provision of the evDirect application and website.

The provisions of this notice do not apply to data relating to non-natural persons.

1.1. Name of the Controller, the concept of personal data and the Data Subject The Controller is the legal person that determines the purposes and means of the processing of personal data, either alone or jointly with others. In the context of this notice, evDirect (hereinafter referred to as "Controller"):

  • Data Controller: evDirect Kft.
  • Head office: 1066 Budapest, Teréz körút 46. 3. floor. 1.
  • Company registration number: 01-09-354544
  • Website: evdirect.hu
  • E-mail address: info@evdirect.hu
  • Phone number: +36 30 550 9858
  • Data Protection Officer: Kornél Hartung, Managing Director (corp@evdirect.hu)

1.2 Personal data for the purposes of this notice is any information relating to an identified or identifiable natural person (the "Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person). The data processed by the Data Controller are personal data.

2.1 The subject matter of this Privacy Policy, the legal basis for the processing of data is the evDirect website and application containing the network of electric car charging stations in Hungary. Its database is detailed, up-to-date and constantly updated. The application requires a continuous internet connection. The Operator is not responsible for the accuracy of the information contained in the Application, which the User is entitled to use at his/her own risk.

2.2 This Notice applies to the processing of data based on the Data Subjects' voluntary consent (by completing the "registration form" offered by the Application and sending it to the Data Controller, the Data Subject expressly consents to the Data Controller processing the personal data provided by the Data Subject in compliance with the applicable legal requirements).

2.3 The Controller does not verify the accuracy of the personal data provided by the Data Subject. Only the person providing the data is responsible for the correctness of the data. By providing his/her e-mail address, the Data Subject also accepts responsibility for the fact that he/she is the only person who uses the services from the e-mail address provided. If the personal data is not accurate and the accurate personal data is available to the Data Controller, the Data Controller is entitled to correct the personal data. The Data Controller reserves the right to unilaterally amend this Privacy Notice in the future. The Data Controller may, at its sole discretion, make changes to this Privacy Policy at any time without prior notice. By continuing to use the service, the User declares, even in the absence of an express declaration of consent, that he has taken note of the changed data processing rules and accepts them as binding on him.

2.4 By submitting your personal data, you declare that you have read and expressly accepted the version of this Policy in force at the time of submitting the data. The details of the processing by purpose are set out below. As stated in the consent form, you have the right to withdraw your consent to the processing at any time, in the case of processing based on consent.

2.5. The main legislation applicable to the above processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
  • Act CLV of 1997 on Consumer Protection

The legal basis for our processing is Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation") (processing based on consent).

4. The purpose of the Processing is to enable community-based evaluation and review of the Application in order to ensure the personalized and optimal operation of the Application and to provide customer service related to the use of the service, including the receipt of e-mail inquiries related to the service. The Data Controller will use the User's personal data only for the purposes for which they are collected.

5. Scope of data processed

  • e-mail address
  • surname and first name
  • billing address
  • type of car

6. Access to the data is restricted to the development staff maintaining the database.

7.1 We will delete the personal data processed without undue delay if the processing is not for the purposes specified by law or if the purpose of the processing has ceased.

7.2 The data processed with the consent of the Data Subject consumer will be deleted at any time, also at the request of the Data Subject.

7.3 The Data Controller shall process the personal data provided by the Data Subject until the Data Subject deletes the profile within the Application or until the Data Subject requests the deletion of his/her personal data in writing by unsubscribing from the service. The date of deletion shall be no more than 10 working days from the date of the Data Controller's receipt of the Data Subject's request for deletion (unsubscription), by electronic means, to the Data Controller.

7.4 The Controller shall delete the personal data of the Data Subject:

  • if its processing is unlawful, or if
  • if the personal data is incomplete or inaccurate and this situation cannot be lawfully remedied, provided that erasure is not excluded by law, or
  • if the purpose of the processing has ceased or the time limit for the storage of the personal data laid down by law has expired, or
  • if the erasure of the personal data has been ordered by a court or public authority.

7.5 Data that are automatically, technically recorded during the operation of the Application are stored in the system for a period of time from the moment they are generated that is reasonable for the operation of the system. The Data Controller shall ensure that such automatically recorded data cannot be linked to other personal data of the User, except in cases required by law. If the Data Subject has withdrawn his or her consent to the processing of his or her personal data or has unsubscribed from the service, his or her identity will no longer be identifiable from the technical data. The Data Subject has the possibility to modify his/her personal data at any time under the "My Account" tab in the Application interface. A change in personal data or a request for deletion or blocking of personal data may be communicated by means of an express written statement sent by electronic mail.

8.1.Data security The Data Controller undertakes to ensure the security of personal data, to take technical and organisational measures and to establish procedural rules to ensure that the personal data collected, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration.

8.2. The Data Controller undertakes to ensure the security of the personal data it processes, taking into account the state of science and technology and the costs of implementation, the nature, scope, context and purposes of the processing, as well as the rights and freedoms of natural persons, the risks to the rights and freedoms of the individuals concerned, taking into account the varying degrees of likelihood and severity of such risks, and shall take the technical and organisational measures and establish the rules of procedure necessary to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or alteration. The Data Controller also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Data Subjects to comply with the requirement of data security.

8.3 The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the Data Controller, its employees and its data processor(s) according to the level of authorisation and shall not be disclosed by the Data Controller to third parties not authorised to access the data.

8.4.Employees of the Controller and the Processor may have access to the personal data processed in accordance with the job functions defined by the Controller and the Processor, in a specific manner and according to the levels of access rights. The Controller or Processor shall classify and process personal data as confidential.

8.5 In order to ensure the security of the IT systems, the Data Controller protects the IT systems with a firewall and uses antivirus and anti-virus software to prevent external and internal data loss. The Data Controller has also ensured that incoming and outgoing electronic communications are properly monitored to prevent misuse. In order to protect the data files managed electronically in the various registers, the Data Controller ensures that the data stored in the registers cannot be directly linked and attributed to the user, subject to exceptions provided for by law.

9. Data Controllers:

  • KBOSS.hu Ltd. (1031 Budapest, Záhony utca 7.), which provides the invoicing module used in the application. Data processed: billing data.
  • myPOS Services OOD (Business Park Varna No B1, Varna, Bulgaria) provides payment services. Scope of data processed: billing data.