Skip to content

eMabler Privacy Policy

1. GENERAL INFORMATION ON DATA PROCESSING
eMabler Oy ("eMabler", "we") is responsible for processing personal data in connection with making available the eMabler EV charging management platform (the "Service"), an API-first platform that connects electric vehicle ("EV") charging infrastructure with existing business systems - including CRM, billing, payment, and energy management - through open APIs and integrations. The Service is offered to energy companies, parking operators, and retailers for the purpose of enabling businesses to operate EV charging as a core part of their business operations. eMabler acts as the data controller in respect of personal data processed for its own purposes, including in connection with the Service, the eMabler website, its sales and marketing activities, and the management of its own business operations and customer relationships.

This Policy applies to the processing of personal data of the following categories of data subjects: (a) operators, being employees and representatives of eMabler's business customers who use the Service; (b) users, being the operators' customers and EV drivers who use the charging network; (c) visitors to the eMabler website; (d) prospective customers and other business contacts engaged through eMabler's sales and marketing activities; and (e) prospective employees (job applicants).

eMabler complies in all its operations with applicable legislation governing the processing of personal data, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We are committed to protecting your privacy and to processing personal data in a transparent and lawful manner. All information you provide to us is treated as confidential. In this privacy policy we describe how your personal data is collected and processed, to whom your data is disclosed, how long it is retained, and what your rights are in relation to your personal data.

2. PERSONAL DATA PROCESSED AND SOURCES

In connection with the provision and use of the Service and the eMabler website, we collect and process the following categories of personal data:

(i) Basic contact and identification data: name, email address, phone number, and other similar contact details.

(ii) Relationship and commercial data: services and order details, contract information, payment details, and billing information.

(iii) Service and account data: user IDs, authentication credentials, login information, and data on how and which services are used.

(iv) Communication data: correspondence, service requests, marketing permissions and prohibitions, and all information you submit in connection with the Service.

(v) Sales and marketing data: contact details and marketing preferences used to communicate with prospective and existing customers about eMabler's products and services, as well as data derived from commercial interactions, event attendance, and enquiries. This data is stored in eMabler's CRM platform.

(vi) Technical and device data: browser type and version, IP address, and location data sent by your device or browser when accessing the Service or the eMabler website.

(vii) Recruitment data (prospective employees): CV details, work-related qualifications, information from references, results of background checks or suitability-assessment tests, and other information provided by the job applicant.

(viii) Other data: data processed on the basis of your specific consent, defined in detail on a case-by-case basis.

eMabler may collect and use aggregated, anonymized non-identifying metadata for statistical purposes and service improvement, where no individual is identified.

3. SOURCES OF DATA

We collect personal data:

(i) Directly from you, when you login to the Service, or otherwise interact with us.

(ii) When you complete a customer survey, provide feedback, or use the Service via your browser's cookies.

(iii) When you fill out a contact form on our website.

(iv) Via your browser, which sends us data such as your IP address or country of origin when you visit our site.

(v) From publicly available sources or third-party services, where you have given your consent to that third party, and we may combine such data with information collected from our direct interactions with you.

(vi) For recruitment, directly from the job applicant and, with your consent, from publicly available sources or third-party providers such as background-check or suitability-assessment test providers.

4. PURPOSES AND LEGAL BASES FOR DATA PROCESSING

eMabler processes personal data for the following purposes and on the following legal bases:

(i) Providing and maintaining the Service, including user account management and authentication: the legal basis is performance of a contract.

(ii) Billing and payment processing: the legal basis is performance of a contract.

(iii) Reactive customer service and support (i.e. responding to requests directly related to the Service): the legal basis is performance of a contract.

(iv) Proactive relationship management (e.g. checking in with customers, usage reviews, renewal outreach): the legal basis is eMabler's legitimate interest in maintaining effective customer relationships.

(v) Development and improvement of the Service: the legal basis is eMabler's legitimate interest in improving and developing its services.

(vi) Security, fraud prevention, and ensuring the information security of the platform: the legal basis is eMabler's legitimate interest in protecting the Service and its users.

(vii) Statistical analysis and reporting: the legal basis is eMabler's legitimate interest in understanding service usage and performance.

(viii) Direct marketing, including email newsletters and EV industry insights: the legal basis is consent of the data subject. Marketing communications are sent only to data subjects who have opted in. You have the right to withdraw your consent to direct marketing at any time by using the unsubscribe link included in each marketing communication or by contacting us at privacy@emabler.com. If you opt out of direct marketing, we retain a minimum amount of personal data to respect your preference and to avoid contacting you again. Opting out of direct marketing does not affect communications necessary for the performance of the Service.

(ix) Compliance with legal and regulatory obligations, such as accounting requirements under the Finnish Accounting Act and data breach notification obligations: the legal basis is compliance with a legal obligation.

(x) Use of non-essential cookies for analytics and personalisation purposes: the legal basis is consent of the data subject.

(xi) Recruitment: deciding whether to employ a job applicant and determining the terms of employment: the legal basis is taking steps at the applicant's request prior to entering into a contract.

5. COOKIES AND TECHNICAL DATA

The Service and the eMabler website use cookies and similar technologies to enable functionality, improve the user experience, and provide analytics. The following types of cookies are used:

(i) Essential cookies: strictly necessary cookies for authentication, session management, and core platform functionality. These cookies are required for the Service to function and cannot be disabled.

(ii) Analytics cookies: cookies used to understand usage patterns and improve the Service. These cookies are placed only with your consent.

(iii) Advertising and functionality cookies: cookies used for personalisation purposes. These cookies are placed only with your consent.

We use cookies or similar technologies from third-party analytics and marketing platforms to analyse usage of the Service and enhance our offerings. Additional details on the use of these services are available in the privacy policies of the respective service providers.

You can manage or withdraw your cookie consent at any time through the cookie management banner on the eMabler website or through your browser settings. Disabling essential cookies may affect the functionality of the Service. Information on the cookies used is available through the cookie management banner on the website.

6. DATA RETENTION

We retain personal data only as long as necessary for the purposes outlined in this Policy, for the performance of the applicable agreement, or to fulfil legal obligations. The following retention periods apply:

(i) Processing based on a contract: personal data is retained for the duration of the contractual relationship and for as long as necessary to fulfil the contract.

(ii) After the end of a contractual relationship: personal data is retained for up to two (2) years after cessation of the Service to respond to claims and protect eMabler's legitimate interests, including responding to requests or claims under applicable provisions concerning statutes of limitations.

(iii) Processing based on legal obligations: personal data is retained for the period required by applicable law. For example, accounting records are retained from six (6) to ten (10) years under the Finnish Accounting Act.

(iv) Processing based on consent: personal data is retained until the consent is withdrawn, after which the data is deleted unless another legal basis for retention applies.

(v) Processing based on legitimate interest: personal data is retained as long as there is a justified reason for processing. If the data subject objects to processing, the situation is assessed and the data deleted if there is no longer a valid basis for retention.

(vi) Recruitment data: personal data of unsuccessful applicants is retained for as long as necessary for the recruitment process and to address related claims. Where the applicant has given consent to be considered for future open positions, such data may be retained for a period of up to twenty-four (24) months following the conclusion of the recruitment process to which the applicant originally applied. If the applicant does not consent or subsequently withdraws consent, the data is deleted or anonymised without undue delay after the original recruitment process is completed.

(vii) Anonymised and aggregated data is not subject to retention limits as it does not constitute personal data.

When personal data is no longer needed for any of the above purposes, it is deleted or anonymised within a reasonable timeframe.

7. DATA TRANSFER AND DISCLOSURE

Personal data is shared with the following categories of recipients:

Service providers and sub-processors: third parties engaged by eMabler to provide the Service, including cloud infrastructure providers, CRM platforms, billing and payment service providers, ticketing and customer-support platforms, and analytics platforms. These service providers process personal data on behalf of eMabler and in accordance with eMabler's instructions.

Authorities: personal data is disclosed to public authorities or other entities where required by applicable law, such as law enforcement authorities or regulatory bodies.

Where service providers process personal data on eMabler's behalf and in accordance with eMabler's instructions, eMabler remains responsible for the processing of such personal data and determines how it is processed.

8. TRANSFER OUTSIDE THE EU/EEA

Personal data is primarily processed within the EU/EEA, and eMabler uses data centres located within the EU/EEA. Where personal data is transferred outside the EU/EEA - for example, where a sub-processor's support team is located outside the EU/EEA - eMabler ensures an adequate level of data protection by applying appropriate safeguards in accordance with applicable data protection legislation, including standard contractual clauses (SCCs) approved by the European Commission, adequacy decisions, or other recognised transfer mechanisms. Supplementary technical, organisational, or contractual measures are implemented where necessary to ensure that personal data receives the same level of protection as within the EU/EEA.

9. DATA SUBJECT RIGHTS

Data subjects have the following rights under applicable data protection legislation:

(i) Right of access: the right to obtain confirmation as to whether personal data is being processed and, where that is the case, access to such data and information about the processing.

(ii) Right to rectification: the right to have inaccurate or incomplete personal data corrected or completed.

(iii) Right to erasure: the right to have personal data deleted where there is no legal basis for its continued retention.

(iv) Right to restriction of processing: the right to restrict the processing of personal data in specific situations.

(v) Right to data portability: the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit such data to another controller.

(vi) Right to object: the right to object to the processing of personal data based on legitimate interest. In particular, you have the right to object to the processing of your personal data for direct marketing purposes at any time, without providing any reason.

(vii) Right to withdraw consent: where processing is based on consent, the right to withdraw such consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

eMabler does not perform automated decision-making or profiling that produces legal or similarly significant effects on data subjects in connection with the Service.

To exercise these rights, please contact us at: privacy@emabler.com. eMabler responds to data subject rights requests within one (1) month of receipt. The response period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests. eMabler may request identity verification before processing such requests.

10. THE RIGHT TO FILE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

If you consider that your personal data has been processed in violation of applicable data protection legislation, you have the right to file a complaint with the competent data protection supervisory authority. In Finland, the competent authority is the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto), www.tietosuoja.fi. Data subjects may also lodge a complaint with the supervisory authority of their habitual residence or place of work within the EU/EEA.

11. DATA SECURITY

eMabler is ISO 27001:2022 certified and PCI DSS compliant. Personal data is accessible only to those employees and partners of eMabler whose duties require such access. For a comprehensive description of eMabler's information security framework, policies, and organisational and technical measures, please refer to eMabler Security.

We protect personal data processed in connection with the Service with appropriate technical and organisational security measures, as described in more detail in eMabler Security. These measures include, among others, encryption of data in transit and at rest, zero-trust architecture and role-based access management, regular external vulnerability scanning and security testing, and confidentiality obligations for all staff with access to personal data.

In the event of a personal data breach, affected data subjects and the competent supervisory authority are notified in accordance with the GDPR.

12. CONTACT

If you have any questions about data protection in connection with the Service or wish to exercise your data subject rights, please contact us at: privacy@emabler.com. Our contact details are as follows: eMabler Oy, Business ID: 3021922-2, Address: Maria01, Lapinlahdenkatu 16, 00180 Helsinki, Finland.

13. POLICY VERSION AND PUBLICATION

This Policy is published on the eMabler website and updated on 10 July 2026.