Paua | Making EV charging easier for business

Learn more about Paua PINS, shared depots project

Paua Privacy Policy

Updated 30th April 2024

Important information about your privacy

Any personal information we collect from you is processed in line with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and this notice. When you use our website or mobile applications, our Privacy Policy located on our website applies.

Paua Tech Limited (“we”, “us” and “our”) is the ‘data controller’ for the personal information you share with us.

If you have any specific concerns around the privacy of your personal information or require further information about how we manage your personal information, please get in touch with us directly:

By post: Paua Tech Limited, 92 Station Road, Clacton On Sea, Essex, CO15 1SG
By email: support@pauatech.com

How we collect data

As a Paua Tech Limited client, we collect personal information about you in connection with our products and services in the following ways:

  • from your application for a Paua Tech Limited product or service; (either for yourself, for a business you work for or for a partner service)
  • through analysis of your transactions and activities with us
  • publicly available sources, such as Companies House
  • as part of our new business intake procedures in the course of providing you with EV charging services
  • your personal interactions with us, such as face to face meetings, telephone calls, correspondence, various forms of electronic communications
  • your use of our website or mobile applications and Paua services, whether accessed directly or via a white-labelled services (i.e. a service provided via one of our partners or enterprise customers)
  • analysis of your dealings and transactions with us
  • by consulting third parties, such as credit reference agencies, market research, surveys, social networking sites, fraud prevention agencies, government and law enforcement agencies
  • reviewing information about you and third parties from sources which are publicly available, such as Companies House.

Information we collect

Personal information we collect may include:

  • basic data such as your name, surname, title, date of birth and gender and your relationship to other persons
  • contact data such as postal address, email address and telephone numbers
  • Vehicle data - such as make, model, license plate, vehicle operating system, mileage, state of charge, VIN number, road tax, vehicle location and MOT. Where our services utilise a vehicle operating or telematics system, we may receive some of this data from suppliers of telematics systems and connected car services in accordance with applicable law.
  • electricity rates of your electricity provider if you utilise certain of our services, such as Paua Reimburse
  • location-based data from your mobile device (with your consent)
  • financial data such as your bank account details, and payments made to and received from you with regard invoices and contracts you sign up to
  • new business signup data such as the company name and number and details associated with fleet drivers
  • marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences
  • security data such as logins and passwords for our services to you
  • identifiers such as allocated Paua RFID card or unique user ID
  • behavioural data such as customer profiling and other information derived from your use of our services
  • Computer device data such as type of device, operating system, IP address, cookie data
  • business administration and administrative purposes.

How the law protects you

We are allowed to use personal information only if we have a suitable legal basis to do so. We will only process your personal data on one of the following legal bases:

  • to fulfil a contract we have with you
  • when it is our legal duty
  • when it is in our legitimate interest and is not overridden by your interests, rights and freedoms
  • when you consent to it.
  • A legitimate interest is when we have a business or commercial reason to use your information including but not limited to internal administrative purposes, product development and enhancement, preventing fraud, ensuring network and information security. However, this is only where our legitimate interests are not overridden by your interests, rights and freedoms.

How we use your personal information

We may use your personal information for the following purposes:

  1. to create and administer your client business account, to help develop, and tailor our EV charging services to you. This will include development and testing of the products we offer as well as troubleshooting any concerns you may raise (legal basis: performance of a contract)
  2. to communicate with you, and provide information on specific products and/or services when you request it (legal basis: performance of a contract)
  3. to help us prevent, detect and investigate fraud and other financial crimes. Authentication of accounts, detection and prevention of malicious conduct to protect the integrity of the products we offer (legal basis: fulfilment of legal obligations to which we are subject or our legitimate interest, for example preventing fraud before it takes place)
  4. to maintain the security of our services, as well as to detect and investigate activities that may be illegal or prohibited (legal basis: fulfilment of legal obligations to which we are subject or our legitimate interest that are to ensure the security of our services)
  5. to send you marketing information or Paua service updates, to invite you to our events or to ask you to participate in customer satisfaction surveys and market research. We will process your data for our legitimate interest that are to promote our services to existing clients. We will seek your consent when required to do so by law. You can oppose to this processing or withdraw your consent at any time by clicking the ‘Unsubscribe’ option in any of our marketing electronic communications or by emailing support@pauatech.com. Please be aware that this will not affect the lawfulness of any past activities we have undertaken based on your previous consent. It can take a short time for any updates to be applied to our systems, so you may still receive marketing messages while this is happening. We will continue to use your contact details for the purposes referred to in points 1–4 above
  6. to personalise our service offerings and related communications. (legal basis: your consent).

The processing of personal data about you for the purposes of carrying out the activities referred to in points 1–4 above is strictly necessary. The refusal to provide some of these data could render us unable to perform the tasks related to your matter. The provision of personal information for the purposes referred to in point 6 is optional. The refusal to provide these data for these purposes will have no consequence for you.

Sharing your personal information

We may share your personal information with:

  • our service providers, professional advisors and third parties who provide services on our behalf including suppliers of telematics systems and connected car services and Charge Point Operators
  • your employer or vehicle provider
  • payment processors
  • agents and administrators who we use to help run your accounts
  • credit referencing agencies
  • fraud prevention and law enforcement agencies
  • regulators, governments, courts, dispute resolution bodies, auditors
  • actual or prospective acquirers or investors and their advisors, i.e. . third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them
  • in the case of a white label app we will share data directly with our white label partners (who are clearly presented to you when using the solution).

We do this to:

  • provide, manage and maintain the service for you
  • prevent fraud and other financial crimes
  • respond to enquiries and complaints
  • undertake transactional analysis
  • evaluate the effectiveness of marketing and for market research and training
  • support the provisions of service
  • support any due diligence for an investment, merger or acquisition
  • comply with legal obligations, court orders, laws or regulations.

If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

Where your personal information will be sent

Your data may be transferred outside of the European Union or the UK from time to time to trusted service providers and third parties.

In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate safeguards to protect your personal information, such as the European Commission approved Standard Contractual Clauses. To obtain further information on the data transfer mechanism on which we rely, please contact us as set out below.

In some countries the law may require us to share certain information, for example with tax authorities. In these cases, we will only share the data with people who have the legal right to see it.

Security

We take all reasonable precautions to keep your personal information secure, including safeguards against unauthorised access, use, or data loss. This includes ensuring our staff, partners and any third parties who perform work on our behalf comply with security standards as part of their contractual obligations.

Paua takes software security seriously and has taken several steps to protect your personal data.

  • Paua uses tools to detect risks when coding the applications such as, code injection attacks, cross-site scripting, unvalidated redirects, and violation of data isolation when querying different databases.
  • Paua enforces HTTPS/SSL encryption for all our applications and web services.
  • Paua implements a role-based access only allowing users with specific roles to access their permitted apps, screens or functionality.
  • Paua also tracks the details of access to application screens.
  • Paua logs all access to external systems performed through web services or custom integration logic. Paua also logs all web service requests to applications running inside the Paua platform. The logs keep a record of who made the request, the request’s target, the method called, how long the request took, and the exact time of the request. This enables any security issues to be tracked down efficiently.
  • Paua uses tools that address and help prevent the threat from the most critical security risks to web and mobile applications as defined per OWASP Top 10 and OWASP Mobile Top 10.

Paua fulfils the necessary technical and organizational measures, which ensure and demonstrate that privacy laws are being followed in the processing of personal data.

Should you become aware of a security vulnerability or bug across any part of our services, we encourage the disclosure such vulnerabilities by emailing apps@pauatech.com.

Retaining your information

We will retain your personal information for as long as is necessary for the purposes described above. Typically, we will retain your data to fulfil our business purposes, to comply with legal and regulatory requirements, or for any legal claims. We may keep your data for longer where this is necessary for statistical and historical research purposes. However, we will ensure all personally identifiable information is removed and at the appropriate time.

What rights and options do you have

As well as our obligations, and commitment, to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations.

You can exercise these rights at any time by contacting us using the contact details above.

You may have some or all of the following rights in respect of the information about you that we process:

  • request us to give you access to it
  • request us to rectify and update it
  • request us to restrict our using it, in certain circumstances
  • request us to erase it, in certain circumstances object to our using it, in certain circumstances
  • withdraw your consent to our using it
  • data portability, in certain circumstances
  • request us not to use it for direct marketing.

How we respond to your rights

You can exercise these rights at any time by contacting us using the contact details provided.

  • we may need to validate your identity before we can respond to your request
  • if we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it
  • once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete
  • we will always let you know whether we accept, or refuse, your request.

Making a data protection complaint

If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details provided.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with a relevant Supervisory Authority.

The UK Information Commissioner’s Office via the details available on their website: www.ico.org.uk

Third party links

Our Website and Mobile applications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

Cookies

Cookies are small pieces of information, normally consisting of just letters and numbers, which online services provide when users visit them. Software on the user’s device (web browser) can store cookies and send them back to the website next time they visit. Cookies are a specific technology that store information between website visits. They are used for various purposes, such as remembering what’s in a shopping basket when shopping for goods online, supporting users to log in to a website, analysing traffic to a website, and tracking users’ browsing behaviour.

Cookies can be useful because they allow a website to recognise a user’s device. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Without cookies, or some other similar method, websites may have no way to ‘remember’ anything about visitors, such as how many items are in a shopping basket or whether they are logged in. There are some other technologies, similar to cookies, which can also identify and ‘remember’ website visitors. These include, for example, using certain characteristics to identify devices (device fingerprinting), using scripts, tracking pixels, plugins and social media buttons. We collectively refer to these as ‘tracking technologies’.

Some tracking technologies, particularly those that track users’ browsing behaviour across different websites are perceived by data protection regulators as privacy-intrusive. We are, therefore, presenting a Cookies Policy to our website visitors in order to explain why and how we use this technology.

Our website uses the following types of technologies:

  • Strictly necessary technologies. These technologies enable core functionality such as page navigation and access to secure areas. The website cannot function properly without these technologies, and can only be disabled by changing your browser preferences. Strictly necessary technologies are always ‘on’ by default.
  • Preference tracking technologies. Preference technologies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Website Analytics. Such tracking technologies help us to improve our website by collecting and reporting information on its usage.

You can find more information on our use of tracking technologies in our Cookies Policy here.

In addition to the controls provided on our website via the pop-up, you can choose to block cookies by activating the settings on your browser that allow you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of the website. Your browser settings also allow you to delete all cookies stored on your device whenever you wish.

The UK Information Commissioner’s Office provides the following guidance on controlling cookies:

  • A number of websites provide detailed information on cookies, including AboutCookies.org and AllAboutCookies.org.
  • The European Interactive Digital Advertising Alliance website Your Online Choices allows you to install opt-out cookies across different advertising networks.
  • Google has developed a browser add-on to allow users to opt-out of Google Analytics across all websites which use it. This is also available in the Chrome web store.
  • Some browsers include a feature known as ‘Do Not Track’ or DNT. This allows you to indicate a preference that websites should not track you. However, whilst DNT is available in many browsers, websites are not required to recognise its request, so it may not always work. You can get help on how to use DNT in Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Opera.
  • For more information on how private browsing works as well as its limitations, visit the support pages for your browser: Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Safari (IOS and desktop) and Opera.

If you are really concerned about online tracking then we can recommend you the below software solutions, however your use of such solutions is entirely at your own risk:

  • Install a privacy-friendly browser on your device, such as Mozilla Firefox, Firefox Focus or Brave;
  • Install anti-tracking and ad-blocking plug-ins on that browser, such as Ad Block Plus, Ghostery or PrivacyBadger; and
  • Use privacy-friendly web search engines, such as DuckDuckGo or Ecosia.

If you have any questions about the cookies or similar technologies in use on our website, our mobile apps or in the newsletter, please send us an email at the details above.

Changes to this privacy notice

We may update this notice (and any supplemental privacy notice) from time to time. We will notify you of the changes where required by law to do so.

Footer section

Paua logo featuring two pink chevrons followed by the company name in a deep shade of blue, using a sleek and modern font

92 Station Road
Clacton On Sea
Essex
CO15 1SG
United Kingdom

Logo of linkedin, linking to Paua's linkedin accountIcon of X (formerly Twitter), linking to Paua's accountLogo of instagram, linking to Paua's instagram account
logo of the association of fleet professionalsCyber Essentials Plus Certificate - Effective, Government backed minimum standard scheme that protects against the most common cyber attacks - audited
BVRLA Associate logoRenewable Energy Association logo
Logo of linkedin, linking to Paua's linkedin accountIcon of X (formerly Twitter), linking to Paua's accountLogo of instagram, linking to Paua's instagram account
© Paua Tech Limited. All rights reserved.