Privacy policy

1. Data transmission security
2. Data collected in the course of registration
3. Payment data
4. Collection of location data
5. Collection of data through the contact form
6. Use of cookies
7. Google analytics
8. Google fonts
9. Facebook ads
10. Server data collection
11. Rights of data subjects

The legal regulations for the protection of your data are to be found in the Basic Data Protection Ordinance and in the Federal Data Protection Act.

Responsible in terms of the data protection regulations is

Nexton GmbH
Three-pane house
40211 Düsseldorf
T: +49 211 88 250 210
e-mail: info@nextonenergy.de

Below you will find information about which personal data – this is all data that identifies you or makes you identifiable, such as name, address, e-mail address or even user behavior – we record during your visit to our site and how this data is used. Should you have any further questions, please feel free to contact us at privacy@nextonenergy.de.

You also have the right to complain to a supervisory authority in the event of unlawful use of the data. Which is responsible for us:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
fax: 0211/38424-10
e-mail: poststelle@ldi.nrw.de
1. security of data transmission
For the transmission of your data we use a secure server with SSL technology (Secure Socket Layer) with a 128-bit encryption. This ensures that your data is transmitted to us securely and unreadable for unauthorized persons.

Your passwords are hashed, i.e. stored cryptologically, and are thus protected from access by third parties and those responsible.
2. data collected in the course of registration
Within the scope of registration, we collect your name and e-mail address from you yourself as mandatory data. Likewise, when assigning your car to the customer account, the marking and the battery Mac address are stored in encrypted form. These data are necessary for the creation of the fuel bills and thus the fulfillment of our contractual obligations.
These data are usually collected from you.
The legal basis for the data processing in the Nextonenergy-App is Art. 6 I b) DSGVO, as the registration data is necessary for the fulfillment of the contract concluded or in the pipeline with you.
3. payment data
a.PayPal
Within the framework of the payment method PayPal as well as PayPal via direct debit, PayPal credit card and PayPal via purchase on account, your data will be passed on to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg during the payment process. By using one of these payment options, you agree to the collection of data by PayPal. You can find out exactly what data PayPal collects from you in their privacy policy https://www.paypal.com/de/webapps/mpp/ua/privacy-full. If you choose the payment options direct debit, credit card or purchase on account via PayPal, PayPal S.à r.l. et Cie, S.C.A. will check your creditworthiness. Further information on this and on the credit agencies engaged by PayPal can be found in the appendix to PayPal’s privacy policy https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Please note in particular that PayPal will check your identity and creditworthiness https://www.paypal.com/de/webapps/mpp/ua/creditchk when you pay without a PayPal account.
The legal basis for the transfer of your data to PayPal is Art. 6 I (b) DS-GVO, as it is necessary for the fulfillment of the contract when choosing the payment methods mentioned.
b. Stripe
The payment method “Stripe” is a service of Stripe Payments Europe Ltd. in Ireland or the US-American Stripe Inc. Information on the type, scope and purpose of data processing by Stripe can be found in the Stripe Worldwide Data Protection Declaration. We do not store any credit card data or account information from you. Only the Stripe customer ID is stored as a token in the user account, which allows the correct receipt of payment to be traced.

Legal basis for this data processing is Art. 6 I (b) DS-GVO, because it is necessary for the fulfillment of the contract when choosing the mentioned payment method.

c. Apple Pay
With the payment method “Apple Pay”, your data is collected and processed by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. During the payment process, “Apple Pay” only provides us with your name and e-mail address as well as a virtual account number (token) to reconcile the transaction. Your credit, debit or credit cards deposited with “Apple Pay” are not transmitted to us.

The legal basis for this data processing is Art. 6 I (b) DS-GVO, as it is necessary for the fulfillment of the contract when selecting the payment methods mentioned.

d. Google Payments
For the payment method “Google Payments” the service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; (“Google”) does not collect any account information from you. We only receive a token from Google to verify the successful receipt of payment. Google may send us certain personal information for verification purposes. You can find detailed information on this in the privacy policy of Google Payments.

The legal basis for this data processing is Art. 6 I (b) DS-GVO, as it is necessary for the fulfillment of the contract when selecting the payment methods mentioned.

4. collection of location data
Nextonenergy can be used at any time without location approval. However, you can only use the map function and the search for charging stations to a limited extent. If you activate the location function of your cell phone, we collect your location data for the purpose of displaying the gas stations in your vicinity. The location data is only collected locally at your terminal and is not stored in our database. The legal basis for processing your location data is Art. 6 I a) DSGVO. By activating the location release on your terminal device, you consent to the processing of your location data for the aforementioned purposes. This consent can be revoked at any time by deactivating the location release, without affecting the legality of the processing carried out in the past.
5. collection of data when contacting us
If you send us an inquiry by e-mail, we collect and store the e-mail address and the data contained in the e-mail to answer your inquiry.
If the inquiry should develop into a contractual relationship by way of contract initiation or if the inquiry refers to an existing contractual relationship, the legal basis is Art. 6 I (b) DSGVO, as the storage of the data is necessary for the fulfilment of a pre-contractual or contractual obligation. Furthermore, we also have a legitimate interest according to Art. 6 I (f) DSGVO in the processing of the data for the purpose of communication and answering your inquiries.
The data will be deleted when the purpose of storage no longer applies, i.e. after your e-mail/contact form inquiry has been answered or when the matter associated with the inquiry has been finally clarified. In the case of an existing contractual relationship or a contractual relationship resulting from the inquiry, the data will be deleted after expiry of the statutory retention periods.

6. use of cookies/HTML local storage
The Internet pages do not use their own cookies. For the recognition of a user when he registers or is logged in, as well as for the temporary storage of pictures of the registered car, we use the so-called HTML local storage. This is the local storage of your browser. This data is not transferred to our server. The data remains solely with you as the user and the internet browser accesses it when required. There is no automatic deletion of this data. You can delete it yourself by using the “Clear Cache” function of your browser.
7. google analytics
This website uses the web analysis service Google Analytics, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; (“Google”).
Google Analytics uses so-called “cookies” for the purpose of analysing user behaviour on the website and measuring the range of use. An overview of how Google uses cookies and which cookies are used can be found in this overview.

The legal basis for the collection and storage of data is Art. 6 I (f) DSGVO. Our legitimate interest is based on the fact that we can see from the analysis data, for example, where users stop visiting the site and we can accordingly improve our site for you or from which countries our site is called up and we can thus adapt our language selection. We have added the code “gat._anonymizeIp();” to our website Google Analytics in order to ensure anonymous recording of IP addresses (so-called IP masking). It is therefore not possible for us to assign the collected analysis data to a specific person.
Data transfer to third countries: The information generated by the cookies about your use of this website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in the USA and stored there. However, due to the activated IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
Google LLC. is certified in accordance with the US Privacy Shield in order to guarantee a level of data protection appropriate to the DSGVO. We have entered into a contract processing agreement with Google, by which Google proves to us that it complies with reasonable and appropriate technical and organizational measures to protect your personal data.

Objection and deletion:
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available under the following link.
The aforementioned add-on may not be available when accessing our website via browsers of mobile devices. In this case, as well as in general, you can alternatively prevent the use and transfer of the data to Google by clicking on this link. Please note that this is a so-called opt-out cookie, which is only valid for www.nextonenergy.de and the browser you are using. If you delete the cookies in your browser history, you will have to click the link again when you return to our site to object to the use of the data. The same applies if you call up the page with a different browser.

You can find more information on data protection at Google Analytics at https://support.google.com/analytics/answer/6004245?hl=de.
You have the right to information and objection to your data stored by us at any time, see below. Clause 11 on your rights as a data subject.
The data stored by Google is deleted by default within 14 months.
8. google fonts
On this website, external fonts in the form of Google Fonts are used for the uniform presentation of fonts. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; (“Google”).

We store the Google Font used by us on our own server, so that no data transfer to third parties takes place.
If your browser does not support Web Fonts, a default font from your computer will be used.

The legal basis for the use of Google Fonts is Art. 6 I (f) DSGVO. Our legitimate interest arises from the fact that we are able to present you the representation of the fonts in a uniform form.
9. facebook ads
We use the advertising tools of the social network of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for advertising on Facebook and Instagram. If you are logged in to your Facebook or Instagram account, Facebook uses the information you provided during registration, your likes and other user behavior to determine information such as your interests, based on which customized advertisements are shown to you, including from our company. We may also use the categories of information provided by Facebook to set preferences as to which user groups, anonymous to us, should see our ads. Depending on the privacy settings you specify, your name may appear in our ads. For more information on how your name appears in Facebook Ads, please click here. The same applies to so-called Social Ads, where your friends are shown that you, for example, “link” to our page. You can determine whether and how your name is displayed in the privacy settings and there in the ad settings. You can also opt-out of Facebook ads in general. In addition, you can set in your timeline for ads by clicking on “x” or “∨” whether and how our ads will be displayed to you on Facebook in the future. Facebook will not share any personal information about you with us except with your permission. We can only use Facebook’s general evaluation tools to track how many users, subdivided according to general criteria that are not linked to personal data, have seen or clicked on our advertisement or later performed an action on our website (conversion tracking through the so-called visitor action pixel). Please note that there is a possibility that Facebook may in turn assign this data to your account profile, over which we have no influence.
Data transfer to third countries: Your behavioral data as well as the data evaluated via the visitor action pixel are transferred to the servers of Facebook Inc. in the USA.
Facebook Inc. is certified in accordance with the US Privacy Shield to ensure a level of data protection appropriate to the DSGVO.
The legal basis for the collection and storage of data is Art. 6 I (f) DSGVO. Our legitimate interest is based on the fact that we can use Facebook Ads to display targeted advertising based on your interests and measure the success of the ads directly on our website. No personal reference is possible for us.
Objection
If you do not or no longer agree to this, you should make use of the above opt-out option, which allows you to stop displaying ads on Facebook. On Facebook, you will find further information on the privacy policy and the operation of Facebook advertisements.
10. server data collection
a. When you visit our site, various server statistics are automatically stored, which your browser sends to the server of our provider. The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type together with version and language, the user’s operating system, referrer URL (the previously visited page), time zone difference to Greenwich Mean Time (GMT), IP address and the requesting provider are logged.
This data is used for statistical evaluation of visits to our site and cannot be assigned to specific persons.
The legal basis for data collection is Art. 6 I f DSGVO. A consolidation of this data with other data sources is not carried out. The IP address will be anonymized. Our legitimate interest in the collection of this data is based on the fact that we can use the data to optimize our offer for users, e.g. by preventing access from malicious sites or by optimizing access via certain browsers, and that the log of the IP address is what makes the delivery of the site to the visitor possible. In principle, you have the right to object to this data collection. This is not possible in this case, because otherwise the use of the site would be impossible.
The data will be deleted after 365 days.
b. For the purpose of hosting and distributing the website content, we use the “S3” and “Cloudfront” products of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, (“AWS”) back, which processes our data on behalf. Hosting is carried out exclusively in the AWS computer center in Frankfurt a.M. AWS is certified according to the Privacy-Shield in order to guarantee a level of data protection appropriate to the DSGVO.
The legal basis is Art. 6 para. 1 lit. f. DS-GVO. The use of AWS is based on our legitimate interests in a secure and efficient provision and optimization of our online services.
11. rights of data subjects
11.1 Right of objection
If we process your data to protect legitimate interests (Art. 6 I (f) DSGVO), you may object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
In the event of an objection to data processing for the purpose of direct marketing, processing for this purpose will no longer be carried out.

11.2 Right to information
You have the right to request confirmation from us as to whether we are processing personal data concerning you and, if so, a right to access the personal data and related information in accordance with Article 15 of the DSGVO.
11.3 Right of rectification
You have the right to ask us to correct or complete any incorrect or incomplete personal data concerning you without delay in accordance with Art. 16 DSGVO.
11.4 Right to deletion
You have the right to demand the immediate deletion of personal data concerning you and we are obliged to delete them immediately if one of the reasons mentioned in article 17 DSGVO applies.
11.5 Right to limit processing
You have the right to ask us to restrict the personal data concerning you if one of the conditions mentioned in art. 18 DSGVO is fulfilled.
11.6 Right to data transfer
You have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format and you have the right to request that we transfer the data to another person in charge, as far as this is technically feasible.