Appendix B

Privacy policy on the use of our Mobile payment site

General information

In this data protection notice, we inform you about the processing of personal data in the context

the use of our Mobile payment site. We process personal data exclusively on the basis of the applicable

legal provisions (^AVG1,^DSG2, TKG²⁰⁰³³ ).

Name and contact details of the responsible persons and the data protection officer

Responsible for processing personal data:

Wattify BV

BE0777610990

kriephoekstraat 25

9230 Wetteren Belgium

e-mail: privacy@wattify.be

If you have any questions about the processing of personal data in connection with the use of our Mobile Payment Site or about exercising your rights in relation to the AVG, please contact us directly or our data protection officer, Dimitry Smagghe, co-manager.

No obligation to provide personal data

You are not obliged to provide personal data that we request from you on our Mobile Payment Site. However, we are obliged in accordance with Directive 2011/83/EU4 (Consumer Rights Directive) to provide you with certain information relating to the contract to be concluded with you both before and after its conclusion. If you do not provide us with the personal data we request from you on the Mobile Payment Site, we will not be able to comply with our obligations in accordance with the Consumer Rights Directive and we will therefore not be permitted to enter into a contract with you. Without providing the personal data we request from you on the Mobile Payment Site, you will not be able to perform a Charging Process at a Charging Station operated by Wattify.

Categories of personal data processed.

Accessing the Mobile Payment Site.

When you access our Mobile Payment Site in your browser, we process the following personal data:

• IP address,

• date and time of access to our Mobile Payment Site or individual pages on the Mobile Payment Site,

• Internet service provider (ISP),

• operating system,

• browser name and version,

• the website from which you visited our Mobile Payment Site ("referring URL"),

• clickstream data.

Contacting us via forms, email or phone

If you contact us through the contact form available for on our Mobile Payment Site, by email or phone, the personal data you provide such as name, address, email address, phone number, etc. will be processed by us.

Payment Information

When performing the payment transaction, we process the following personal data:

• data of the means of payment used,

• data of the holder of the means of payment,

• data of the payment amount,

• other information related to online payment transactions.

Use of cookies

Our Mobile payment site makes use of so-called cookies. These are small text files that are sent to your browser from our Mobile Payment Site and stored on your end device until you delete them. Cookies may contain personal data. All cookies on our Mobile payment site are technically necessary to ensure the functionality of the Mobile payment site.

Processing purposes

The personal data mentioned in point 4) of this Privacy Policy are processed for the following purposes:

• the operation of the Mobile Payment Site, including detecting and investigating possible attacks on the Mobile Payment Site,

• performing Charging Processes, including making non-cash payments and electronic billing, as well as entering into the related contracts,

• responding to inquiries about Charging Processes or invoices from Charging Processes,

• providing support in connection with the performance of Charging Processes (support).

Legal basis for processing.

The personal data mentioned in point 4) subpoint (1) and (4) of this Privacy Policy are processed because of our legitimate interest in the secure operation and functioning of our Mobile Payment Site (Article 6 par. 1 paragraph f of the AVG).

The personal data mentioned in point 4) subpoint (2) and (3) of this Privacy Policy are processed for the performance of the contract or for the implementation of pre-contractual measures. Without processing personal data, we cannot enter into a contract, nor and the corresponding payment process with you (Article 6 par. 1 paragraph b of the AVG).


Categories of recipients.

For the purposes mentioned in point 5), we transfer your personal data to the IT service providers we use, in particular to the following recipients:

Name and address	Scope of activity
Amazon Web Services EMEA SARL 38 Avenue John F Kennedy, 1885 Luxembourg, GH Luxembourg	use of cloud services
Mollie BV Keizersgracht 126, 1015 CW Amsterdam, the Netherlands	Connection and execution of payment processes
Yuki nv	accounting package
Teamleader nv	invoicing and sending invoices

Some of the recipients listed above have their headquarters or connections in countries outside the European Union or an Agreement on the European Economic Area (third countries). The level of data protection in third countries may not match that of the European Union.

However, we only transfer personal data to recipients with headquarters or connections in third countries that the European Commission has decided have an adequate level of data protection or we take additional measures to ensure an adequate level of data protection.

We enter into personal data protection agreements with all of the above recipients. With recipients in the US, we additionally enter into the Standard Contract Clauses (SCC)⁵published by the European Commission. Detailed information on this is available on request from

privacy@wattify.be

Collection and processing of personal data

When using our website and platform, standard system data are collected, such as the IP address of your device, the pages you visit, and the date and time of your visit. This data is anonymous and is primarily used for system security and statistical purposes.

If you use our services as a customer, such as creating an account or managing your charging infrastructure, additional personal data is collected and processed. This includes, but is not limited to, your contact details, payment information and data necessary for the identification of your charging stations, charging sessions and charging passes. This data is used for contract performance and to provide a seamless charging and payment experience to third parties using your charging infrastructure via roaming or electronic payments.

Use and sharing of personal data

The personal data you provide will only be used for:

• The technical management of our platform and website;

• Processing contracts and services as agreed in our contractual relationship;

• Managing your charging infrastructure and charging cards on our platform;

• Facilitating third party charging sessions and payments;

• Responding to your questions and requests.

For spcific purposes, we may share your personal data with third parties, such as payment processors and roaming partners, for the handling and settlement of charging sessions. Your data will be shared only for this purpose and only with parties that comply with applicable data protection legal requirements.

Duration of storage of personal data

Personal data will only be stored by us for as long as is absolutely necessary to fulfill the purposes specified in point 5) and as permitted under applicable law, in particular as long as legal retention obligations exist or the statutes of limitation for possible legal claims have not yet expired.

Rights of data subjects

According to the AVG, you have the following rights:

• You have the right to obtain information about whether and what personal data we process about you and to whom we transfer it.

• You have the right to request rectification, restriction of processing or deletion of your personal data processed by us if you believe it is inaccurate, incomplete, partially or unlawfully processed.

• You have the right to object to the processing of your personal data processed by us on the legal basis of legitimate interest if you consider that your interests take precedence over ours.

• You have the right to receive the personal data you provide in a structured, commonly used and machine-readable format as well as its transfer to a third party designated by you.

• You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. However, this does not affect the lawfulness of the data processing carried out on the basis of your consent until it is withdrawn.

• You have the right to lodge a complaint with the competent data protection authority.

If you wish to exercise any of the above rights, please contact us or our Data Protection Officer.

Changes to this Privacy Policy.

We reserve the right to modify this Privacy Policy from time to time due to a changing factual or legal situation. You can find the current version at any time on our Mobile Payment Site.

Version: October 2024

1Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to

the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation

data protection).

2German Federal Law for the Protection of Individuals with regard to the Processing of Personal Data, BGBl I Nr 165/1999 in the version BGBl I Nr 14/2019

(Datenschutzgesetz - DSG).

3German Federal Act establishing a Telecommunications Act, BGBl I No 70/2003 in the version BGBl I No 90/2020 (Telekommunikationsgesetz 2003 -

TKG 2003).

4Directive2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC

Council and Directive 1999/44/EC of the European Parliament and of the Council and repealing Directive 85/577/EEC and Directive 97/7/EC of the

European Parliament and Council ("Consumer Rights Directive").

5Commission Decisionof February 5, 2010 on standard contractual clauses for the transfer of personal data to processors established

in third countries under Directive 95/46/EC of the European Parliament and of the Council.