Contact

Become a partner

Are you looking for a suitable solution?

Privacy Policy according to Art. 13 and Art. 14 of the EU General Data Protection Regulation (GDPR)

 

We provide the English version of our privacy policy as an information service. In case of doubt, the German language version shall always prevail.

 

1 Responsible body and data protection officer 

This privacy policy applies to the following companies

Compleo Charging Solutions GbmH & Co. KG
based at:
Ezzestraße 8
44379 Dortmund 
Germany 

T: +49 2306 923 70 
info@compleo-cs.com 
VAT ID: DE362178129

Management board: Dr. Björn Dietrich, Dr. Manfred Gerhard, Dr. Gregor M. Schmeken
Responsible in the sense of. §18 para. 2 MStV: Dr. Björn Dietrich

as well as:

Compleo Charging Solutions GmbH
Speisinger Straße 25/12
AT-1130 Vienna
Austria
T: +49 231 53492370
F: +49 2306 923 790
info@compleo-cs.com
VAT-ID: ATU77166326
Management Board: Dr. Björn Dietrich, Dr. Manfred Gerhard, Dr. Gregor M. Schmeken

Compleo Charging Solutions AG Schweiz
Hardturmstrasse 161
8005 Zürich
Switzerland
T: +49 231 53492370
F: +49 2306 923 790
info@compleo-cs.com
Company identification number UID: CHE-374.216.149

2 Data Protection Officer 

You can reach our external data protection officer at 
Karsten Schulz 
datenschutz@compleo-cs.de 
M: +49 151 22631968 

 

3 Website and hosting 

3.1 Purposes of processing 

We log technical data in the web server logs for each access of our website in order to ensure operational security and to be able to investigate and rectify faults. The access logs of the web servers record which page views have taken place and when. They contain the following data: IP address, date, time, accessed pages, logs, status code, amount of data, referrer, user agent, accessed host name. The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are anonymised in the same way. 

3.2 Lawfulness of processing 

Art. 6 para. 1f GDPR, our legitimate interest in being able to operate the website securely and to ensure a defined external presentation. 

3.3 Recipients or categories of recipients 

Our web services are administered within the framework of order processing in accordance with Art. 28 GDPR. 

3.4 Storage periods 

The anonymised IP addresses are stored for 60 days. Error logs, which record faulty page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website. 

 

4 Contact and communication with you 

4.1 Purposes of processing 

If you contact us by email, contact form, telephone or post, we will process your data to fulfil your request and any subsequent activities that may result. These activities may include: Processing enquiries, applications, service requests as well as maintaining contact, providing advice and advertising our products and services, analysing our processes and taking measures to improve process quality. 

In doing so, we process the information you provide to us, such as names, contact details, e-mail addresses and telephone numbers and, of course, the content of your enquiry. 

4.2 Lawfulness of processing 

The legal basis may be Art. 6 (1f) GDPR, our legitimate interest in communicating with you and processing your enquiry, or Art. 6 (1b) GDPR, to carry out necessary pre-contractual or contractual measures. Where you have given us consent, Art. 6 (1a) GDPR is the applicable legal basis. 

4.3 Recipients or categories of recipients 

We transmit your enquiries to our corresponding departments and within the group of companies, in the sense of §§ 15 ff. German Stock Corporation Act (AktG) with Compleo Charging Solutions AG, to the Compleo company suitable for your enquiry in each case. Furthermore, we use services of service providers within the scope of order processing according to Art. 28 GDPR, for example to secure e-mail traffic and to comply with quality features as well as to process your service requests. Some of the processing may take place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses are agreed with the respective service providers and special technical and organisational protection measures are provided. 

4.4 Storage periods 

As a general rule, a deletion process is started when the processing operation is completed. In certain cases, further processing, such as required retention periods, follow the actual processing. For example, e-mails with tax-relevant content are stored in accordance with the statutory retention periods (e.g. 6 years for commercial letters in accordance with the German Commercial Code (HGB), 10 years for tax documents in accordance with the German Fiscal Code (AO)) and then deleted. 

 

5 Cookies Used on This Website

On our website, we use cookies and similar technologies to ensure the functionality of the website, improve the user experience, enable statistical analysis, and display targeted advertising. Some of these cookies are technically necessary, while others are used for analytics, preference storage, or marketing purposes.

Cookies are small text files that are stored on your device and contain specific information, such as your usage behavior or your preferences. The legal basis for the use of technically necessary cookies is Art. 6 (1) lit. f GDPR (legitimate interests). For all other types of cookies—especially those used for statistics, preferences, and marketing—your consent is required in accordance with Art. 6 (1) lit. a GDPR.

You can withdraw or change your consent at any time by adjusting your cookie settings at the website compleo-charging.com via the Usercentrics widget. Your current consent ID and the date can be found there.

Recipients and Third Country Transfers

Some cookies are set by third-party providers (e.g., Google, LinkedIn, Salesforce, YouTube). In some cases, this may result in the transfer of personal data to third countries outside the EU/EEA, especially to the USA. Such transfers take place on the basis of your consent in accordance with Art. 49 (1) lit. a GDPR. For more detailed information, please refer to the privacy policies of the respective providers.

Retention Periods and Management

The retention periods of the cookies used vary depending on category and provider. Session cookies are deleted after you close your browser session, while other cookies may be stored for up to 10 years. Please refer to the tables below for details.

5.1 Necessary Cookies

These cookies are required for the basic functions of the website and cannot be switched off.

Name

Provider

Purpose

Retention Period

Type

ar_debug

Google

Checks for debugger cookie

3 months

HTTP-cookie

bcookie

LinkedIn

Spam detection and security

1 year

HTTP-cookie

CookieConsent [x2]

Usercentrics

Stores the user's consent status

1 year

HTTP-cookie

CookieConsentPolicy

compleo.my.salesforce-sites.com

Stores the user's consent status

1 year

HTTP-cookie

ErrorHistory#store

compleo.my.salesforce-sites.com

Error detection to improve user experience

Persistent

IndexedDB

fe_typo_user

www.compleo-charging.com

Session management

Session

HTTP-cookie

li_gc

LinkedIn

Stores the user's consent status

180 days

HTTP-cookie

lightningOutDelegateVersion

www.compleo-charging.com

Device recognition and display

Persistent

Local Storage

lpv<accountid>

Salesforce

Prevents multiple page view tracking within a session

30 days

HTTP-cookie

LSKey-c$CookieConsentPolicy

compleo.my.salesforce-sites.com

Cookie banner acceptance

1 year

HTTP-cookie

object(#-#-##:#:#.#)

www.compleo-charging.com

Stores user's time zone

Persistent

Local Storage

pardot [x3]

Salesforce / get.compleo-cs.com

Session management for Pardot

30 days

HTTP-cookie

pi_opt_in#

get.compleo-cs.com

Opt-in/out for tracking/targeting

10 years

HTTP-cookie

pi_opt_in<accountid>

Salesforce

Tracking opt-in/out depending on user decision

30 days

HTTP-cookie

t3D, tADe, tADu, tAE, tC, tMQ, tnsApp, tPL, tTDe, tTDu, tTE, tTf

www.compleo-charging.com

Website presentation & settings

Persistent

Local Storage

visitor_id<accountid>, visitor_id<accountid>-hash

Salesforce

Visitor identification & security

30 days

HTTP-cookie

5.2 Preference Cookies

These cookies enable the storage of user settings and preferences.

Name

Provider

Purpose

Retention Period

Type

lidc

LinkedIn

Load balancing for optimal user experience

1 day

HTTP-cookie

5.3 Statistical Cookies

These cookies are used to analyze user behavior and improve our services.

Name

Provider

Purpose

Retention Period

Type

BrowserId [x2]

compleo.my.salesforce-sites.com

Device recognition for repeat visits

1 year

HTTP-cookie

number(#)

compleo.my.salesforce-sites.com

User interaction with embedded content

Session

Local Storage

5.4 Marketing Cookies

These cookies are used to track users across websites and display personalized advertising.

Name

Provider

Purpose

Retention Period

Type

#-#

YouTube

Interaction with embedded content

Session

Local Storage

_ga, ga#

Google

Google Analytics, cross-device and cross-channel visitor identification

2 years

HTTP-cookie

_gcl_au

Google

Google AdSense advertising efficiency experiment

3 months

HTTP-cookie

_gcl_ls, pagead/1p-conversion/#/

Google

Conversion measurement for advertising

Variable

see above

iU5q-!O9@$

YouTube

Statistics of viewed YouTube videos

Session

Local Storage

LAST_RESULT_ENTRY_KEY, nextId, requests

YouTube

Interaction with embedded content

Session

HTTP-cookie

visitor_id#

get.compleo-cs.com

ABM/Retargeting, visitor identification

10 years

HTTP-cookie

yt.innertube::nextId, ytidb::LAST_RESULT_ENTRY_KEY, YtIdbMeta#databases, yt-remote-*

YouTube

YouTube integration settings and usage

Variable (see above)

Local Storage / IndexedDB

5.5 Unclassified Cookies

These cookies are currently being categorized and may be explicitly assigned at a later time.

Name

Provider

Purpose

Retention Period

Type

Geo

compleo.my.salesforce-sites.com

To be classified

Session

HTTP-cookie

LSSIndex:SESSION{"namespace":"c"}

compleo.my.salesforce-sites.com

To be classified

Session

Local Storage

LSSNextSynthtic:SESSION

compleo.my.salesforce-sites.com

To be classified

Session

Local Storage

pdl#c:embededWeb2CaseFlowApplication

compleo.my.salesforce-sites.com

To be classified

Persistent

IndexedDB

5.6 Managing Your Cookie Settings

You can change or withdraw your cookie settings at any time via the Usercentrics widget on the website compleo-charging.com.

Recipients/categories of recipients:
Depending on the cookie category, recipients are Compleo Charging Solutions GmbH & Co. KG as well as the respective third-party providers (Google, LinkedIn, Salesforce, YouTube, Usercentrics, etc.). The categories and details can be found in the respective entries above.

Retention periods:
The specific retention period for each cookie can be found in the tables above. Session cookies are deleted at the end of your session, other cookies can be stored for up to ten years.

Legal basis:
Strictly necessary cookies are used on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. All other cookies are only set with your consent pursuant to Art. 6 (1) lit. a GDPR.

 

6 Your application to us 

6.1 Purposes of processing 

When you send us an application, we process your data to the extent necessary until the application process is completed. 

6.2 Lawfulness of processing 

Art. 6 (1b) GDPR, to process your application, which constitutes a request for the conclusion of an employment contract, as part of our application process. 

6.3 Recipients or categories of recipients 

We use services of service providers in the context of order processing according to Art. 28 GDPR to carry out personnel administration. 

6.4 Storage periods 

In the event of recruitment, required data from your application will be stored in the personnel file. Data that is not required will be deleted. In the event of a rejection, your data will be deleted 2 months after completion of the application process. 

 

7 Social media 

7.1 Purposes of processing 

We also communicate with you via various social media channels. When using these platforms, the respective data protection declarations always apply as well. 

In particular, these are (as of 2023-06-02): 

Youtube (privacy policy: policies.google.com/privacy)

LinkedIn (privacy policy: www.linkedin.com/legal/privacy-policy)

Instagram (privacy policy: help.instagram.com/519522125107875)

Twitter (privacy policy: twitter.com/de/privacy)

Facebook (privacy policy: www.facebook.com/policy.php)

Kununu (privacy policy: privacy.xing.com/de/datenschutzerklaerung)

Xing (privacy policy: privacy.xing.com/de/datenschutzerklaerung)

7.2 Lawfulness of processing 

Art. 6 para. 1f GDPR, our legitimate interest in carrying out company communications and ensuring a defined external presentation. In some cases, we ask for your consent to carry out processing with third parties. If you give us consent, the processing is legitimised on the basis of Art. 6 (1a) GDPR. You can revoke your consent at any time in our privacy policy. 

7.3 Recipients or categories of recipients 

The social media platforms listed above, some of which also process personal data in third countries such as the USA. All of these services pass on personal data, for example to commissioned third-party providers for the provision of outsourced services, to authorities if you are legally obliged to do so or if there is suspicion of a violation of the law, and to new business owners in the event of a company acquisition or insolvency. 

7.4 Storage periods 

In accordance with the privacy statements of the social media platforms. 

 

8 Analytics services 

8.1 Purposes of the processing 

8.1.1 Google Analytics and Google Tag Manager 

This web service uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses so-called cookies, text files that are stored on users' computers and enable an analysis of their use of the website. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there. 

In the event that IP anonymisation is activated on this website, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. 

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout;

As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again. 

8.1.2 LinkedIn Insight Tag 

We process data to evaluate LinkedIn campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn. To do this, we embed the LinkedIn Insight Tag on our website. You can give and also revoke your consent using our cookie bot. 

8.1.3 Salesforce Pardot 

For user guidance, we use Salesforce Pardot to track the activities of visitors and potential customers, for example by remembering the settings of form fields when a visitor returns to our website. We also set a cookie for logged-in users to maintain the session and store table filters. The processing takes place in EU data centres as part of our contract processing we have with Salesforce. For more information on data processing, please see Salesforce's Cookie Notice: help.salesforce.com/s/articleView

8.2 Lawfulness of processing 

If you give us your consent to processing through the consent tool, the legal basis is Article 6 (1a) GDPR. In other cases, the legal basis Art. 1f GDPR, namely our legitimate interest in carrying out an anonymous range measurement and optimizing user guidance in order to make visiting the website as pleasant as possible, may apply. You have the option to object to this processing using the cookie consent solution Cookiebot. For processing that cannot be legitimised on the basis of our legitimate interest, we request your consent via the Cookiebot, which you can revoke at any time in the "Cookies" section of this privacy policy. 

8.3 Recipients or categories of recipients 

As described under "Purposes of the processing", the recipients are Google Inc. in the context of an order processing and LinkedIn. You can find the data protection declaration for Google Analytics here: support.google.com/analytics/answer/6004245, and the data protection declaration for LinkedIn here: https://www.linkedin.com/legal/privacy-policy

8.4 Storage periods 

The personal data of this processing are regularly deleted after the cessation of necessity, or deleted in accordance with the data protection declarations of the listed recipients. 

 

9 Newsletter 

9.1 Purposes of the processing 

We use a newsletter service for communication and external presentation. 

9.2 Lawfulness of processing 

Art. 6 para. 1a GDPR, your consent to the newsletter with double opt-in. 

9.3 Recipients or categories of recipients 

We use the services of Mailchimp from The Rocket Science Group, LLC as part of an order processing according to Art. 28 GDPR to send the newsletter. Some of the processing takes place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses have been agreed with the service provider. The privacy policy of Mailchimp can be found at https://mailchimp.com/legal/privacy/.

9.4 Storage periods 

After unsubscribing from the newsletter, your relevant personal data will be deleted. 

 

10 Presentation of our current share price 

10.1 Purposes of processing 

In order to give you an up-to-date overview of what is happening on the stock exchange, we show you our current share price at Deutsche Börse on our Share Price page. 

10.2 Lawfulness of processing 

Art. 6 para. 1f GDPR, our legitimate interest for external communication and self-presentation. 

10.3 Recipients or categories of recipients 

The share price is provided directly by Deutsche Börse. Therefore, when you call up the page, your IP address is transmitted to the Deutsche Börse server located in Germany. 

10.4 Storage periods 

The data logged on the server when the page is called up is deleted after 30 days. See also the data protection declaration of Deutsche Börse: https://www.boerse-frankfurt.de/datenschutz.

 

11 Postal direct advertising for the acquisition of new customers 

11.1 Purposes of processing 

The personal data is processed for the purpose of acquiring new customers, promotional approach. 

11.2 Lawfulness of processing 

Art. 6 para. 1f GDPR, our legitimate interest to carry out direct advertising. The source of the personal data is Deutsche Post Direkt GmbH, Junkersring 57 in 53844 Troisdorf, Germany. Further information on data processing can be found at: Data Protection | Deutsche Post Direkt. 

11.3 Storage periods 

The personal data will be deleted immediately after the purpose has been fulfilled or after the postal mailing has been sent. 

 

12 IT user management 

12.1 Purposes of processing 

For guest users, freelancers and service providers, user accounts with role and authorisation management for access to operational resources can be created if required. 

12.2 Lawfulness of processing 

As necessary processing under Art. 6 (1b) GDPR if you need to access operational resources as part of the performance of your contract with us. Or on the basis of your consent under Art. 6 (1a) GDPR if you voluntarily wish to use our network resources, for example as a guest. 

12.3 Recipients or categories of recipients 

The recipient of the data is Microsoft within the framework of commissioned processing in accordance with Art. 28 GDPR. The processing takes place in data centres within the EU. 

12.4 Storage periods 

Guest user accounts are automatically blocked for 3 months and deleted after a further 6 months. Accounts of freelancers and service providers are blocked as part of the offboarding process after termination and deleted after 12 months. 

 

13 Credit assessment 

13.1 Purposes of the processing 

Checking the creditworthiness of customers 

13.2 Lawfulness of processing 

Art. 6 para. 1f, the legitimate interest to protect against payment defaults. 

13.3 Recipients or categories of recipients 

Service providers for creditworthiness information, for example Creditsafe Berlin, Deutsche Factoring Bank Bremen. 

13.4 Storage periods 

The information is stored for the duration of the business relationship. 

 

14 Operation of the eOperate portal

14.1 User Guiding

14.1.1 Description and scope of data processing
We use the services of Userflow Inc, 548 Market St PMB 69598, San Francisco, CA 94104-5401, to provide onboarding content (tool tips and click guides), to provide a help centre including a chatbot and to answer feedback questions.

We use the Zapier, Inc. service, a tool to automate workflows such as user self-registration, fulfilment processes and sales initiative support.

We use Tally.so, an online form creation tool that allows us to collect data from users. It allows us to easily create customised forms for various purposes, such as registration, surveys, feedback and more.

We use HubSpot as a presales tool to manage potential prospects and facilitate lead tracking to improve customer retention and sales strategies.

14.1.2 Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. f GDPR, our legitimate interest in offering improved usability of our portal.

14.1.3 Purpose of the data processing
Providing services that support the user of our portal during use. Providing help texts, chatbots and similar functions.

14.1.4 Recipient of the data / third country transfer
The recipient of the data is Userflow Inc, 548 Market St PMB 69598 in San Francisco, CA 94104-5401, USA. We have concluded the EU standard data protection clauses with the service provider and checked the suitability of the service provider on the basis of the technical and organisational measures implemented.

Zapier Inc. 548 Market St, San Francisco, CA 94104, Zapier has certified to the U.S. Department of Commerce that it complies with (1) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with respect to the processing of personal data it receives from the European Union in reliance on the EU-U.S. DPF.

Tally.so, August van Lokerenstraat 71, 9050 Ghent, Belgium, is the company that processes the form data as a processor pursuant to Art. 28 GDPR.

HubSpot, Inc. 25 1ST St Ste 200, Cambridge, MA 02141, has confirmed to the U.S. Department of Commerce that it (1) complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with respect to the processing of personal data it receives from the European Union in reliance on the EU-U.S. DPF.

14.1.5 Duration of storage 
The anonymised IP addresses are stored for 60 days. Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these include the accessing IP address and, depending on the error, the website accessed.

 

14.2 Audit logs

14.2.1 Description and scope of data processing
We process personal data to secure our services and for traceability purposes. For this purpose, the user ID or gateway user ID with the activities and the associated data such as the business partner ID are stored when accessing the eOperate portal or the API.

14.2.2 Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, our legitimate interest in ensuring the operational security of the API and the traceability of user activities.

14.2.3 Purpose of the data processing
We store the user ID with the associated context data that we need to ensure the operational security of our system and to make the activities of a user ID traceable.

14.2.4 Recipients of the data / transfer to third countries
The data is only processed internally.

14.2.5 Duration of storage 
The data is stored on a personalised basis for as long as the corresponding user ID exists. As soon as the user ID has been deleted, it is no longer possible to identify the data subject on the basis of the stored audit log.

 

15 Your rights as a data subject 

According to the GDPR, you have the right to: 

Pursuant to Art. 7 (3) GDPR, to revoke your consent once given to us at any time with effect for the future. 

In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. 

In accordance with Article 16 of the GDPR, to request the correction of inaccurate or incomplete personal data stored by us. 

In accordance with Article 17 of the GDPR, to request the deletion of your personal data stored by us. 

In accordance with Article 18 of the Regulation, you may request the restriction of the processing of your personal data. 

In accordance with Article 20 of the GDPR, to receive your personal data that you have provided to us in a usable format. 

In accordance with Article 21 of the GDPR, you have the right to object to our legitimate interests. To do so, please use the contact details in the imprint. 

Complain to a supervisory authority in accordance with Art. 77 DSGVO. Complain to the data protection supervisory authority. Your competent supervisory authority is the one in your place of residence. You can find a list of supervisory authorities here: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=BED09EA7C3AC1DD515E2770630750FCA.intranet241.
 

16 Note on the use of the domain
emobility.software by Compleo Charging Software

Compleo Charging Software uses the domain https://emobility.software for its corporate website, the provision of its products and services and the collection of usage data to improve the user experience and service. Visiting the domain includes access to the Compleo web platform and the ability to request technical support.