AYESA ISLANDER PRIVACY POLICY

Through this policy it is hereby informed that the personal data of AYESA ISLANDER users will be processed in accordance with the principles of transparency, purpose limitation, data minimization, accuracy, integrity and confidentiality, as well as respecting the rest of the obligations and guarantees established in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR"), as well as in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter "LOPDGDD").

1. Definitions

1.1 Corporate Tools

Refers to any tool, program, software or application that Ayesa makes available to users for the development of their professional, employment or contractual activity.

1.2 Corporate Services

Refers to any service that Ayesa provides to users so that they can carry out their professional, employment or contractual activity.

1.3 Ayesa World

Refers to the web portal intended to facilitate the User’s access to Corporate Tools and Services.

1.4 User or Users

Means any employee, collaborator or natural person who has access to Ayesa’s Corporate Tools and Services, as well as to the Ayesa World platform.

1.5 Personal Data

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.6 Processing

Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.7 Data Controller or Controller

The natural or legal person, authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8 Data Processor or Processor

The natural or legal person, authority, service or other body which processes personal data on behalf of the controller.

1.9 EV Service or Charging Point

Refers to the service through which AYESA ISLANDER identifies for users the Charging Points they can use through the application.

1.10 Charging Point Owning Entity

Refers to the entity that owns the charging point where you, as a user, consume electric energy. AYESA only makes the platform services available to the Charging Point Owning Entity, with the Charging Point Owning Entity being the one that provides electric consumption services to users.

1.11 AYESA ISLANDER

Refers to the platform tool offered by AYESA for your management as a user of an EV Service/Charging Point and/or Energy Demand Management Service (Demand Response).

<

2. Who is the Data Controller of your data?

Your data are collected and will be processed by ATECH ADVANCED SOLUTIONS, S.A. (hereinafter AYESA), an entity located at Marie Curie Street nº 2, Isla de la Cartuja, 41092 Seville, Postal Code: 41092, Seville.

Type of Data

Purpose

Legal Basis

Retention Period

Name, email, password, country, phone

User registration and access to the platform

Contract performance

Up to 5 years from termination of service

Geolocation

Location of charging points, map display

Explicit user consent

While active or until withdrawn

Charging data (date, consumption, cost)

Viewing history; billing to charging point entity

Contract performance / legitimate interest

Up to 5 years

Session and activity data

Security, maintenance and improvement of the platform

Legitimate interest

Up to 5 years

Data of users from managing entities

Management of administrators/co-administrators access

Contract performance

Up to 5 years from termination

3. Basic Information

Through this document, users are informed about the processing of personal data used in the corporate tools and services provided by Ayesa. The basic information regarding the processing will describe at least the following categories:

4. What personal data do we process?

5. Purposes of the processing

6. How long are my data retained?

The data cannot be retained for longer than necessary for the purposes stated. Each processing activity will have a retention period proportional to its purpose and to legal obligations for information retention. Data is retained for a maximum of 5 years. Similarly, data of users who unsubscribe will remain blocked for a maximum of 5 years.

7. International Data Transfer

For more information about the transfer of geolocation data, please consult Google's Maps policy: Google Maps Terms.

The rest of the data is processed entirely within the European Economic Area.

8. What rights do I have as a user?

Delegado de Protección de Datos (DPO)

AYESA ha designado un Delegado de Protección de Datos (DPO), en cumplimiento con lo establecido en el artículo 37 del Reglamento General de Protección de Datos (RGPD). Los usuarios pueden contactar con el DPO para cualquier cuestión relativa al tratamiento de sus datos personales o al ejercicio de sus derechos a través de la siguiente dirección electrónica:

Datos de contacto: support-islander@ayesa.com

9. How can I exercise my rights?

You can exercise your rights of access, rectification, deletion, limitation, objection, and portability (where legally applicable) by sending a request to Alía at the address C/ Marie Curie, no 2 - AYESA Building, 41092 Seville, or via email to support-islander@ayesa.com. Please indicate the right you wish to exercise and provide a document or copy of a document to verify your identity. Additionally, if you believe any of your rights have been violated, you may submit a complaint to the Spanish Data Protection Agency (AEPD) at C/ Jorge Juan, 6, 28001-Madrid or through the AEPD electronic headquarters: AEPD Website.

10. What are my responsibilities as a user?

You guarantee that you are over 16 years old and that the data you provide to AYESA is true, accurate, complete, and up-to-date. To this end, the User is responsible for the veracity of all the data provided and will keep the information updated so that it reflects their actual situation.

If you provide data of other individuals, you guarantee that they have been previously informed of the contents of this document and that you have obtained their authorization to provide their data to AYESA for the specific processing purposes for which it is provided.

You will be responsible for any false or inaccurate information provided through the Website and for any direct or indirect damages or losses this may cause to AYESA or third parties.

11. Security Measures

AYESA will handle User data in an absolutely confidential manner, maintaining the required duty of secrecy in accordance with applicable regulations, adopting appropriate security levels and measures to protect personal data by implementing the necessary technical and organizational measures to ensure lawful processing, confidentiality of the data, and to prevent loss, alteration, or unauthorized access. AYESA has technical and organizational measures based on ISO 27001 certification and the National Security Framework.

You can view the security measures and Cloud environment conditions of the AYESA ISLANDER platform at the following links:

Geolocation service conditions: