Service Mobilize Charge Pass

SECTION A. Key points to note before reading this Privacy Policy (hereinafter the "Policy")

A.1. Who does this Policy apply to?

This Policy applies to users of the free and/or paid "Mobilize Charge Pass" services (hereinafter referred to as “you” and, by extension, “your”) whose personal data (hereinafter "personal data") is processed, alone or jointly, by [subsidiary name] and RENAULT s.a.s (hereinafter "we" and, by extension, “our”).

 

 

A.2. What activities does this Policy cover?

The free and/or paid services accessible via the My Dacia, My Alpine, My Renault, Mobilize Charge applications (hereinafter referred to as the "Application") as defined in the General Terms and Conditions of Use of each Application, and in the General Terms and Conditions of Sale and Use of the Moblize Charge Pass Charging Service (hereinafter "Mobilize Charge Pass Service").

 

SECTION B. What is the purpose and scope of this Policy?

B.1. Purpose of this Policy

The purpose of this Policy is to enable you to understand, in a clear, concise and accessible manner, how your personal data is used in the context of the Mobilize Charge Pass Service.

This Policy supplement the [subsidiary name] policy on the protection of your personal data available here [link[CK1] ], which provides you with details on the management of cookies and other trackers on the Application or our marketing operations.

 

B.2. What processing does this Policy apply to?

In the context of this Policy, we describe the processing of personal data carried out by [subsidiary name] and/or RENAULT s.a.s. when you use the Mobilize Charge Pass Service.

In these sections you will find detailed information on:

1- WHO PROCESSES YOUR PERSONAL DATA? 

2- WHAT PERSONAL DATA DO WE PROCESS? 

3- WHAT IS YOUR PERSONAL DATA USED FOR?

4- WHO HAS ACCESS TO YOUR PERSONAL  DATA? 

5- WHAT ARE YOUR RIGHTS?

6- HOW DO WE SECURE YOUR PERSONAL DATA? 

7- UPDATES TO THIS POLICY

In this Policy, "we" and/or any variation thereof (e.g. "our") refer to:

-        [subsidiary name], located in [Country], at [indicate the address (headquarters) of the company and DPO address if applicable].

-        Renault s.a.s. located in France, at 122 122 bis avenue du Général LECLERC - 92100 Boulogne-Billancourt CEDEX. The contact details of its data protection officer are as follows: Data Protection Officer, Renault s.a.s., API: FR BLN CRI 1BW, 122-122 bis avenue du Général Leclerc 92100 Boulogne-Billancourt, France.

These entities act as joint controllers, within the meaning of the applicable regulations on the protection of personal data and in accordance with the key provisions of the Joint Controller Agreement which can be viewed here [insert link ]. With regard specifically to the Plug n Charge connected service, RENAULT s.a.s acts as data controller.

In general, we undertake to collect only the personal data that is relevant and appropriate for each of the purposes for which we process it (see section 3 – WHAT IS YOUR PERSONAL DATA USED FOR ?)

In this section, we explain the context in which your data is collected and the categories of data we collect.

 

2.1. Collecting personal data from you

We collect your personal data in particular when:

-        You visit our websites and mobile applications, which may use cookies or other trackers,

-        You contact us (*) through an online form, email, phone, live chat or any other means,

-       You subscribe to our communications,

-        You respond to one of our studies or satisfaction surveys,

-        You create a user account to access our services from your computer or smartphone,

(*) As such, if applicable, the data that is necessary to respond to your request or for the purposes of a contract or legal obligation are indicated in the collection forms (e.g. by an asterisk). If you do not wish to provide the mandatory data, we may not be able to process your request or provide you with the relevant services.

In any case, we invite you to keep us regularly informed in writing of any changes to your personal data.

 

2.2. Categories of data collected 

The personal data we collect depends on our interaction with you and may include information regarding:

-        Your identity and contact details (surname, first name, postal address, email address, telephone number)

-       Your technical identifiers (customer ID, Mobilize Charge Pass RFID card ID, Plug n Charge ID, gift card ID,...)

-       Our commercial relationship (our interactions and contracts, order history, order status and activation of the Mobilize Charge Pass card, billing data,...)

-       Your charging sessions (start/end date, duration, amount of energy, station ID, charging history and charging station network used,...)  

-       Your payments and transactions (type of payment, payment method used, discount granted, date of purchase, invoice, total amount, purchase history, taxes, etc.)

If Plug n Charge is enabled:

This service allows users to charge their vehicles more easily and safely at any charging station compatible with theISO15118 standard (international standard for electric vehicle charging processes). As soon as the user has subscribed to the Mobilize Charge Pass Service (paid services) and activated the Plug n Charge feature, all they have to do is plug their vehicle into a charging station for it to be automatically recognised and charging to begin.

Data used:

-       Your Vehicle Identification Data (VIN)

-        Login details 

To learn more about the connected services and embedded applications in Renault vehicles, please visit this page [link].

3.1 – The objectives we pursue when processing your personal data 

We collect your personal data in the context of providing the Mobilize Charge Pass Service for the following purposes:

3.2 – The length of time we retain your data

In accordance with the regulations, we undertake to retain your personal data only for as long as necessary to fulfil the purpose pursued, to meet your needs, or to comply with our legal obligations.

 

To determine this period, we take into account in particular the following factors:

-      the term of your contract,

-      the time needed to process your request or complaint,

-      the length of time your user account remains open, unless it remains inactive for 3 years,

-       your interest in our brands, as reflected in your interactions with our services,

-       the need to retain a certain history of your interactions with us for the proper management of our business relationship, it being understood that this period will vary in particular depending on whether you have purchased a Vehicle, a service such as a repair, or only interacted with us without entering into a contract with us,

-      our legal or regulatory obligations (this is particularly the case for technical data relating to our Vehicles).

 

Once your personal data is no longer required, it is deleted from our systems and records or anonymised so that you can no longer be identified. Notwithstanding the foregoing, we may retain certain personal data in archive form in order to be able to respond to any legal action, for the duration of the limitation period provided for by the applicable legislation.

4.1 – Service providers operating on our behalf

In order to process all or part of your personal data for the purposes we have brought to your attention in this Policy, we use companies acting on our behalf as data processors, acting under our contractual instructions. These include in particular:

-        IT providers responsible for hosting, operating or maintaining our databases, websites and mobile applications,

-        Technical infrastructure providers enabling the delivery of a charging service.

-        Manufacturers of RFID cards for the production and shipment of Mobilize Charge Pass RFID cards.

-        Certain subsidiaries of Groupe Renault for the provision of IT services.

 

In any event, we ensure that we only work with trusted partners, that these relationships are secured (contracts, audits, safeguards, security tests, etc.), and that only those persons duly authorised to process your personal data in view of their position and duties are permitted to do so.

 

4.2   – Our approved banking partners

We use certified banking service providers (such as Worldpay and Stripe) who offer remote payment solutions and/or recurring payment management (e.g., subscriptions).

 

Your payment card data is collected and processed solely by these payment service providers, who may act, depending on the circumstances, either as data processors or as independent data controllers. You can learn more by consulting their privacy policies available at the following address:

• Worldpay: https://privacy.worldpay.com/policies/en  
• Stripe: https://stripe.com/fr/legal/privacy-center

We only have access to the first and/or last digits of your payment card number, the expiration date and a pseudonym (token ID) for managing the payment methods linked to the Mobilize Charge Pass and for billing purposes.

 

4.3 – Our partners who operate charging points for electric vehicles (CPOs).

In the e-mobility ecosystem, CPOs and eMSPs are partners:

-        The CPO, as a charge point operator, may build and maintain the electric vehicle charging network and/or offer charging-related services (such as charge point supervision and the sale of charging sessions) to eMSPs;

-        The eMSP, as a mobility services provider, offers mobility services (such as locating charge points and purchasing charging sessions) to its end customers, electric vehicle drivers.

 

As a mobility service operator (eMSP), we enter into agreements with partner charge point operators (CPOs) to enable our customers to purchase charging sessions within their charging station networks using their Mobilize Charge Pass RFID card.

At the time of your charging session, the CPO collects your RFID badge number or your Mobilize Charge Pass customer number and transmits them to us along with the data from your charging session (such as the identification details of the charge point, for the purpose of authorizing and completing the charging process).

 

In this context, each party processes these data as an independent data controller for its own purposes and in accordance with its own data protection policy:

-       The CPO processes the data for the purpose of selling the charging service to an eMSP such as ourselves.

-       We process the data for the purpose of calculating the price of your
charging session and invoicing you under the Mobilize Charge Pass service

To learn more about how a CPO handles your personal data, please refer to their privacy policy.

 

4.4 – Authorised third parties

We may also share certain personal data about you with authorised third parties (i.e. authorities, administrative authorities and/or bodies which have been empowered by legislative or regulatory provisions to require that we disclose documents or information containing personal data) in order to comply with any legal obligation or any administrative or judicial decision.

5.1- Your rights

You have several rights under the personal data protection regulations:

The right to object to the processing of your personal data, subject to providing reasons relating to your particular situation, and the right to request the restriction of the processing of your personal data in certain cases provided for by the regulations. Where applicable, we will no longer process such personal data unless we have compelling legitimate grounds to do so which override your interests, rights and civil liberties, or if the processing is necessary for the establishment, exercise or defence of legal claims.

 

The right to object to any direct marketing: you may at any time request to stop receiving our communications relating to our offers, news and events. This right may in particular be exercised via the unsubscribe link included in each marketing email. You may also object to being subject to profiling associated with such marketing communications. For more details on how to exercise this right in practice, please see the following section (Section 5.2 – How can you exercise your rights?).

 

The right to withdraw your consent at any time, for the purposes for which we obtained your consent. If you withdraw your consent, we will discontinue the  processing activities for which we rely on your consent (see Section 3 – WHAT IS YOUR PERSONAL DATA USED FOR?). However, in accordance with the applicable regulations, if the same data is processed for other purposes based on legal grounds other than consent, such data will not be deleted. For example, your email address may be processed both to perform our contractual obligations (to notify you of the end of your Services contract) and, if you have given your consent, to send you direct marketing by email. Withdrawal of your consent therefore does not mean that we will permanently delete your contact details from our databases, since in this example another processing purpose, based on performance of the contract you have entered into with us, requires us to retain your email. In this respect, withdrawal of your consent does not have the same effect as exercising your right to erasure (see below).

 

The right to be informed: you have the right to obtain clear, transparent and understandable information on how we use your personal data and on your rights. This Policy is one such example.

 

The right of access to your personal data: you have the right to obtain information about the processing of your personal data (in particular the data that is used, all available information about the source of the data when you did not provide your personal data directly, the purposes for which we use it, the recipients and/or categories of recipients to whom your personal data has been transferred, the retention period we apply to your personal data, etc.) as well as a copy of your personal data.

 

The right to rectification: you have the right to have your personal data rectified if it is inaccurate or incomplete, despite our efforts to keep it up to date, which allows us to comply with our obligation to hold accurate data about you.

 

The right to data portability: this means that, under certain conditions, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible. The right to data portability may only be exercised where the processing on which you rely for this right is based on the legal ground of consent or on pre-contractual or contractual measures. In this respect, the right to data portability is distinct from the right of access to your personal data.

 

The right to erasure (or “right to be forgotten”): you have the right to have your data erased or deleted. This right may be limited in light of our contractual obligations (e.g. an ongoing contract) or legal obligations (notably where data must be retained in relation to legal claims). 

 

The right to restriction of processing: you have the right to exercise this right if (i) you wish to contest the accuracy of your personal data, or (ii) you need the data processed by us in order to establish or defend your legal claims and wish to prevent us from deleting it (for example, where the statutory retention period has expired and we no longer have operational reasons to retain such data, etc.). You are informed that you automatically benefit from this right when you have objected to processing based on our legitimate interest by providing reasons relating to your particular situation, for the time it takes to verify whether the legitimate grounds on which we rely for such processing override your interests, rights or civil liberties. 

 

Where applicable, the right to define directives, whether general or specific, concerning certain processing operations, for the retention, erasure and communication of your personal data after your death.

You may modify or delete these directives at any time. You may communicate such specific directives to us by writing to the address indicated below.

Finally, you have the right to lodge a complaint with [to be completed]. We encourage you to contact us before submitting any complaint, so that we may attempt to resolve your issue together.

 

5.2- How to exercise them?

You can update your contact details directly in your user account.

To exercise any of your rights listed above, you can send us your request at any time via [email address/form to be completed], or by post to the address: [postal address to be completed]. We may request certain information or documents (identity document, vehicle registration certificate) if we are unable to identify you or to identify your vehicle data.

We may request certain information or documents (identity document, vehicle registration certificate) if we are unable to identify you or to identify your vehicle data.

 

Whenever the processing of personal data involves its transfer, we ensure that such transfer is carried out under appropriate conditions guaranteeing a sufficient level of protection, security and confidentiality.

 

When creating a digital account, you are required to set a password that meets our security standards; this requirement forms part of our privacy policy. You are responsible for keeping your password secret.

 

Wherever possible, your data is processed within the European Economic Area (EEA). However, as some of our service providers or their processors are located in countries outside the EEA, your personal data is processed in those countries. Some of these countries may have data protection regulations that differ from those of the European Union. In such cases, we pay particular attention to ensuring that the transfer is carried out in compliance with the applicable regulations and that safeguards are put in place to ensure a level of protection of your privacy and fundamental rights which is equivalent to that offered by the European Union (in particular through the use of the European Commission’s Standard Contractual Clauses).

In addition, some of our service providers carry out data processing in the United States. These companies are certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States aimed at ensuring compliance with European data protection standards for data processing carried out in the United States. Each DPF-certified company undertakes to comply with these data protection standards. For more information, click on the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail.

 

Upon simple request made to the address mentioned in the section “What are your rights”, we can provide you with further information about the transfers we carry out.

We may occasionally update this Policy. We therefore encourage you to consult it on each visit in order to familiarise yourself with the latest version.

 

***

Policy last updated: XX 2025