Ir al contenido

Privacy Policy

AMPAI Privacy Policy

Last Updated: 30th of December 2024

1. Introduction

Welcome to AMPAI! 

This Privacy Policy explains how AMPAI SA (operating as "AMPAI," "we," "our," or "us") collects, uses, and protects your personal data when you use our AMPAI Operating System (OS) platform, including our services like ChargeCentral, FleetIQ, AmpConnect, our website (ampai.energy), and related services (collectively, the "Services"). 

AMPAI SA is the Data Controller responsible for processing your personal data in connection with the Services. 

We are committed to protecting your privacy and handling your data transparently and securely in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. 

This policy applies to our customers (like Charge Point Operators, Fleet Managers, Destination Owners), their end-users (like EV drivers using managed chargers or fleet services), website visitors, and anyone else interacting with our Services. 

If you have any questions about this policy or how we handle your data, please contact us using the details provided in the 'Contact Us' section below.

2. What Personal Data We Collect

We collect data necessary to provide and improve our Services. This may include:

  • Account & Contact Information: Name, email address, phone number, company name, job title (for business users).
  • Charging & Energy Data: Information about charging sessions initiated or managed via AMPAI OS (e.g., station ID, start/end time, energy consumed (kWh), vehicle ID for fleets, tariff information). We do not collect unnecessary driver behaviour data.
  • Fleet Data (for FleetIQ users): Vehicle identifiers, driver assignments (if managed by the Fleet Manager), RFID card identifiers, charging locations used (workplace, depot, authorized public).
  • Technical & Usage Data: IP address, device information, browser type, operating system, usage patterns within the AMPAI OS platform (e.g., features used, API calls via AmpConnect), interaction with our website (via cookies – see our Cookie Policy).
  • Payment Information: If you use features requiring payment, we utilize secure third-party payment processors. We do not store your full credit card details ourselves, but receive transaction confirmations.
  • Support & Communication Data: Information you provide when contacting us for support or inquiries (e.g., email content, chat logs).

3. How We Use Your Personal Data (Purposes & Legal Basis)

We process your data for the following purposes, relying on specific legal bases under GDPR:

  • Providing & Operating the Services: Managing user accounts, enabling charging session control (ChargeCentral), facilitating fleet management (FleetIQ), enabling integrations (AmpConnect), processing transactions (if applicable).
    • Legal Basis: Performance of a contract, Legitimate interest.
  • Improving Our Services: Analyzing usage patterns (often in aggregated/anonymized form) to understand user needs, troubleshoot issues, enhance features, and optimize performance.
    • Legal Basis: Legitimate interest.
  • Communication: Sending essential service updates, security alerts, support responses, and administrative messages. Responding to your inquiries.
    • Legal Basis: Performance of a contract, Legitimate interest.
  • Marketing & Newsletters (Optional): Sending promotional information about AMPAI services or updates, only if you have explicitly consented to receive such communications. You can opt-out at any time.
    • Legal Basis: Consent.
  • Billing & Account Management: Managing subscriptions, invoicing, and payments.
    • Legal Basis: Performance of a contract, Legal obligation.
  • Security & Compliance: Protecting the security and integrity of our platform, preventing fraud, and complying with legal obligations.
    • Legal Basis: Legal obligation, Legitimate interest.

4. Who We Share Your Data With (Recipients)

We limit data sharing and only do so when necessary:

  • Service Providers (Data Processors): We use trusted third-party companies to help us operate our Services (e.g., cloud hosting like AWS, analytics tools, support platforms, payment processors). These providers process data only on our instructions and are bound by strict data processing agreements.
  • Your Organization (Our Customer): If you use AMPAI OS as an employee (e.g., a fleet driver), your employer (the AMPAI customer) may have access to data relevant to their management of the service (e.g., charging session details linked to a company vehicle or RFID card).
  • Roaming Partners (eMSPs): If our customer (e.g., a CPO) enables roaming features via OCPI through AmpConnect, necessary session data may be shared with the chosen eMSP(s) to facilitate the roaming service for end-users. AMPAI acts as a neutral facilitator based on customer configuration.
  • Integration Partners: If our customer configures integrations via AmpConnect (e.g., connecting to their Property Management System or Fleet Management Software), data will flow between AMPAI OS and that system as directed by the customer.
  • Legal Requirements: We may disclose data if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We do not sell your personal data to third parties.

5. Data Storage, Security & International Transfers

  • Security: We implement appropriate technical and organizational security measures (including encryption, access controls, firewalls) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
  • Storage Location: We primarily store and process data within the European Economic Area (EEA), utilizing secure cloud infrastructure like Amazon Web Services (AWS) located in regions such as [Your AWS Region, e.g., Frankfurt, Ireland].
  • International Transfers: If we use service providers located outside the EEA, we ensure that data transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions, ensuring your data receives a level of protection equivalent to that within the EEA.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, complying with legal obligations (e.g., accounting records), resolving disputes, and enforcing our agreements. When data is no longer needed, we securely delete or anonymize it. Anonymized data may be kept longer for statistical analysis.

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your data where it's no longer necessary or legally required for us to keep it.
  • Right to Restriction of Processing: Request limitation of how we process your data in certain circumstances.
  • Right to Data Portability: Request a copy of your data in a machine-readable format to transfer to another service.
  • Right to Object: Object to processing based on our legitimate interests.
  • Right to Withdraw Consent: Withdraw your consent at any time for processing based on consent (like marketing).
  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at [[email protected]]. We will respond to your request within the timeframes required by law, typically within one month. We may need to verify your identity before processing your request.

8. Cookies

We use cookies and similar technologies on our website and platform. For more details on the types of cookies we use and how to manage your preferences, please see our separate Cookie Policy.

9. Children's Privacy

Our Services are not intended for or directed at individuals under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

[[email protected]]