Zaptec ASA
Your relationship with Zaptec is a journey: from the first time you visit our website, to installing a charger, using our smart services and, if you choose, closing your account. Along the way, we use personal data to deliver our products safely and reliably, and to meet legal requirements.
This Privacy Policy explains how Zaptec Charger AS (“Zaptec”, “we”, “us”) uses your personal data throughout that journey, including:
This Policy is based on and intended to comply with:
“Personal data” means any information relating to an identified or identifiable natural person. Typical examples include your name, contact details, identification numbers and online identifiers.
Zaptec’s products are smart, connected IoT devices. They are designed to be used with network connectivity and cloud functionality. You are not required to create a Zaptec cloud account to use certain basic features, but some product and installation data will still be processed through our connected services to maintain safety, stability and security. If you prefer chargers that operate entirely offline without connected functions, Zaptec products may not be suitable for your needs.
[1] List of applicable Legislation is listed in section 10.1
Zaptec Charger AS is the controller for the processing of personal data covered by this Privacy Policy, unless stated otherwise for a specific activity.
Contact details:
We also work with independent third parties who act as controllers for their own processing, such as:
These parties typically decide themselves why and how they process personal data in their role as controllers, and their own privacy information explains their purposes, legal bases and retention periods in more detail.
This section follows your journey with Zaptec: from the moment you land on our website, through using our products and services, to closing your account. At each step we set out:
We do not intentionally collect special categories of personal data from our users or customers (such as health, religious, or biometric data). If we become aware that such data has been inadvertently collected, we will delete it unless we have a lawful bases under Article 9 GDPR
Your journey often starts on our website. When you browse www.zaptec.com and related sites, we use technical and usage data to run the site, keep it secure and understand how visitors use it. We also use cookies and similar technologies, with consent where required.
This helps us to provide a stable, secure experience, improve content and – where you agree – show more relevant marketing.
What we collect:
IP address, browser and device information, operating system, date and time of visits, pages viewed and navigation patterns, cookie and similar tracking data.
Why we collect it:
Run and secure the website, prevent misuse and abuse, measure performance, understand how visitors use the site, improve content and layout, and provide personalised content and marketing where you consent.
Key legal bases:
Legitimate interests (Article 6(1)(f) GDPR / UK GDPR) for essential cookies, basic analytics, optimisation and security. Our specific interests are: (i) maintaining website security and preventing abuse; (ii) understanding visitor behaviour to improve content and functionality; and (iii) ensuring stable website performance. Consent (Article 6(1)(a)) for “non‑essential cookies” and similar technologies (for example, certain marketing and tracking tools).
How long we keep it:
Web server logs are kept for a limited period to track errors, potential security threats and misuse, then deleted. Cookie data is stored for the durations shown in our cookie settings and is under your control via the cookie banner and browser settings.
At different points in your journey you may buy products or services, either directly from Zaptec or through installers, resellers, distributors or other commercial customers that sell Zaptec products and services. We use your purchase data to process orders, handle payments and support your statutory and contractual rights.
What we collect:
Name and contact details, billing and delivery address, payment information via payment providers, purchase history, product type and serial number, and correspondence about your purchase.
Why we collect it:
Process orders, deliver products and services, issue invoices, handle payments and reminders, support warranty and statutory consumer rights, and comply with accounting and tax rules.
Key legal bases:
Our legal bases are: (i) Performance of a contract (purchase and related services), (ii) compliance with our legal obligations (for example, bookkeeping and tax legislation), and (iii) in reliance on our legitimate interests in ensuring timely payment and managing disputes, where relevant.
How long we keep it:
Purchase‑related personal data is generally kept until it is no longer necessary to respond to your inquiries, the product warranty and related limitation periods have lapsed, and statutory retention obligations (for example for accounting) are fulfilled.
When you install a Zaptec charger, some personal data is used to identify the product, link it to a location and ensure that the installation is safe and compliant.
In most cases, the physical installation work is performed by an independent installer, electrician or other service provider. They act as an independent controller for their own processing of your personal data (for example, their customer records and job documentation) and will provide their own privacy information.
What we collect:
Charger and installation identifiers (for example, charger serial number, site or installation ID, configuration settings), basic site and location information (such as type of property and relevant electrical installation details), and, where the charger is linked to a Zaptec account, basic account and contact data (for example, name, email address and role in relation to the site or charger).
Why we collect it:
Register and activate the charger in Zaptec Cloud, ensure that the charger and its configuration meet basic safety, stability and security requirements, link the charger to the correct user account, site, roles and permissions, and document the product and installation for support, warranty and safety follow‑up. Where relevant, we share necessary installation and activation data with installers, professional site operators and energy providers who act as independent controllers for operating and supporting the charging site.
Key legal bases:
Our legal bases are (i) fulfilment of our legal obligations (for example, product- and electrical‑safety, warranty and other regulatory requirements), and (ii) our legitimate interests in operating safe and reliable products and installations, preventing misuse and improving the safety and quality of our chargers and services.
How long we keep it:
Installation and activation data that forms part of your account, site or product record is kept while the relevant account, site or product remains active and for defined backup and limitation periods to handle safety issues, warranty and potential legal claims. After that, the data is deleted or anonymised; certain device- and installation‑level records may continue in a de‑linked or pseudonymised form for safety and product‑development purposes.
To move beyond browsing and start using Zaptec Products and Cloud Services, you create a Zaptec account. We use your identity and contact details to set up and manage your profile, authenticate you and connect your account to chargers, sites and permissions.
Without this information we cannot provide a secure, personalised account experience.
What we collect:
Full name, email address, mobile phone number, installation address, preferred language, user groups and permissions, radio-frequency identification transponders ("RFID") tags, charger and device serial numbers linked to your account, basic charging preferences and profile settings.
Why we collect it:
Create and manage your Zaptec account and profile, authenticate you securely, manage roles and permissions, provide access to Zaptec Products and Cloud Services, link you to installations and charging stations, show relevant charging history, and communicate with you about your account and security.
Key legal bases:
Our legal bases are: (i) Performance of a contract (Article 6(1)(b)) to provide your account and enable use of Zaptec Products and Cloud Services, (ii) our legitimate interests (Article 6(1)(f)) in securing accounts, preventing misuse and improving the service, and (iii) compliance with our legal obligations (Article 6(1)(c)) where account data forms part of records we must keep, for example for accounting or compliance purposes.
How long we keep it:
Account data is stored while your account is active. When you close your account, related data is deleted or anonymised after a limited retention period for backups, logs and potential legal claims. Backups that still contain account data are retained only for defined backup periods and are then overwritten or securely deleted.
Once you have an account and charger, most of your journey happens in daily use: plugging in, charging, viewing history, adjusting settings and using smart features. Our chargers and services generate and use technical and usage data to operate safely, balance loads and improve performance.
Zaptec Sense, where installed, adds detailed energy‑meter and consumption data so that you can optimise your installation.
What we collect:
Charger settings and configuration (for example, access control, maximum current, schedules), site data (site name, location, layout and configuration), charger activity data (charging start/stop times, energy delivered, status and fault codes, firmware information), device identifiers (charger and component serial numbers), user identifiers (for example RFID tag IDs, account IDs), and connected third-party operators. For Zaptec Sense: energy‑meter readings, overall installation energy consumption, more detailed charging history, Zaptec Sense serial number.
Why we collect it:
Operate chargers and cloud functions, provide smart features such as dynamic load balancing, scheduling and flexing, keep installations safe and within agreed limits, detect and handle faults and misuse, present dashboards and history to authorised users, and improve and further develop Zaptec Products and Cloud Services, including through aggregated statistics.
Key legal bases:
Our legal bases are (i) performance of a contract to deliver Zaptec Products and Cloud Services and core smart features, (ii) in reliance of our legitimate interests in monitoring and improving quality, ensuring safety and preventing abuse and misuse of the services, and (iii) compliance with our legal obligations where certain records must be retained for safety, regulatory or product‑liability reasons.
How long we keep it:
Charging history linked to your user account is kept while your account is active and for defined backup and claims periods. Device activity records may be stored permanently in a de‑linked or pseudonymised form for safety, maintenance and product‑development purposes; once they are no longer linked to an identifiable person, they are no longer personal data.
In some markets, you can join flex services and demand-side flexibility payments or rewards programmes. These programmes typically adjust charging in response to grid conditions or tariffs and reward you for flexibility. That requires sharing and processing more detailed consumption and configuration data, sometimes with energy-sector partners.
What we collect:
Identity and contact details, charger and site configuration relevant to the programme, charger activity and consumption data, flex configuration and rewards data (for example participation metrics and rewards earned), energy tariff and grid related data from partners, communication and preference data, and bank account numbers or other payment details where needed to pay out financial rewards.
Why we collect it:
Operate the programme according to its terms, adjust charging based on grid or energy‑market signals, calculate, allocate and document rewards or other benefits, and cooperate with market energy partners, network operators and other energy service providers involved in the programme.
Key legal bases:
(i) Legitimate interests in operating and stabilising energy systems, administering and documenting participation in flex and rewards or other energy programmes, and improving Zaptec Products and Cloud Services; legal obligations where applicable energy‑sector, market, accounting, tax or other rules require processing or retention of programme, metering or transaction data; and, for participants who have accepted the applicable Terms of Use, become entitled to financial rewards and provided bank or other payout details, performance of a contract for calculating, documenting and paying out those rewards.
How long we keep it:
Flex and rewards programme data is stored for as long as you participate in the programme, plus the time needed for settlement, reporting, accounting and any applicable limitation periods for claims. After that, it is deleted or anonymised, unless a longer period is required by law.
If something goes wrong, or if you have questions, you may contact Zaptec support or make a warranty claim. To help you, we often need both your contact details and relevant technical data from your charger or installation.
What we collect:
Name and contact details, address and site information, charger serial number and related identifiers, logs, diagnostics and energy-meter readings relevant to the issue, case and return numbers, correspondence, and, where you consent, recordings of support calls.
Why we collect it:
Provide support, troubleshoot issues, fulfil warranty commitments, manage returns and repairs, investigate potential safety issues, and improve our support processes and training.
Key legal bases:
Performance of a contract to provide support and warranty services. Legitimate interests in improving and adapting Zaptec Products and Cloud Services and ensuring safe operation. Consent for optional call recordings for quality and training.
How long we keep it:
Support and warranty data is kept for the duration of the case and for a defined period afterwards, reflecting warranty and legal limitation periods. Call recordings, where used, are stored only for a limited quality‑assurance and training period before being deleted or anonymised.
We may stay in touch with you through newsletters, product information about Zaptec Products and Cloud Services (for example, new or improved features), other marketing, surveys or competitions. We try to keep this relevant and limited, and you stay in control of your choices.
What we collect:
For marketing: name, email address, role and company, information about your previous purchases and interactions. For product information: contact details and information about the Zaptec Products and Cloud Services you use (for example charger model, site type or enabled features), so that we can send or show relevant product‑related messages. For surveys/competitions: name, address and/or telephone number, gender, date of birth, interests and other data you provide when you choose to participate.
Why we collect it:
Send information about Zaptec Products and Cloud Services, including product information about new or changed features and safety‑relevant updates, administer customer relationships, run and follow up voluntary surveys, competitions and promotions, deliver prizes, and perform statistics and analysis to improve our services, product experience and marketing.
Key legal bases:
Our legal bases are: (i) in reliance of our legitimate interests in administering existing customer relationships and providing product information and certain B2B marketing about Zaptec Products and Cloud Services, and (ii) your prior lawfully obtained consent for electronic direct marketing where required by law and for voluntary surveys, competitions and similar activities.
How long we keep it:
Marketing‑ and product‑information‑related data is stored while you are an active contact or customer, or until you unsubscribe, object or withdraw consent, plus a short period to document your choices. Survey and competition data is kept for the duration of the activity and any necessary reporting or prize fulfilment, then deleted or anonymised.
You can unsubscribe from marketing emails at any time using the link in the email, or withdraw consent by contacting gdpr@zaptec.com.
If you are an installer, partner or other professional user, your journey may include training through Zaptec Academy. Training data helps track which courses have been completed and supports safer installations.
What we collect:
Name (or pseudonym), email address, country, language, company name, course participation and completion history, name of supervisor, and team information where a company administers training for its staff.
Why we collect it:
Provide and administer online training, track completion where required by your organisation or by Zaptec programmes, and reduce installation errors and safety risks by ensuring trained personnel handle installations.
Key legal bases:
Our legal bases are: (i) legitimate interests in promoting safe and correct installation and use of Zaptec products, and (ii) performance of a contract where Zaptec Academy training is part of a broader service or partner agreement.
How long we keep it:
Training data is stored while the Zaptec Academy account or team is active and for a limited period afterwards to document training and support safety‑related obligations.
As your use grows more advanced, you may connect Zaptec Products and Cloud Services to professional charging sites, fleet systems or other third‑party services. In those cases, we share data that is necessary for the integration, and those third parties act as independent controllers.
What we collect and share:
When you use professional charging sites operated by Charging Point Operators ("CPOs") or other 3rd party service, or authorise them to manage your Zaptec charging site, we share charger activity data, charger settings and site data with them under their integration agreement with Zaptec. If you log into third‑party services using your Zaptec credentials, those services can access information in the Zaptec cloud relevant to your charging site and account.
Why we share it:
Operate and manage professional charging sites, enable roaming between networks, provide fleet and energy services, and allow employers, building owners or other operators to manage access, billing and reporting.
Third-party roles:
CPOs, energy providers and other third‑party services act as independent controllers for their own processing. They decide their own purposes, legal bases and retention periods.
How long we keep it:
We keep the underlying product and account data in line with other parts of this Policy (for example, sections 3.2–3.3). Third‑party controllers keep data according to their own policies, which you should review for details.
Every journey can come to an end. If you choose to stop using our services and close your Zaptec account, we reduce our processing to what is strictly necessary and phase out personal data over time through deletion or anonymisation.
What is deleted:
Personal data linked to your Zaptec account (including account profile and charging history visible in the Zaptec Portal and app) is deleted or anonymised once it is no longer needed for the purposes described in this Policy and in our internal protocol, subject to legal retention requirements.
What may be retained:
Certain data must be retained for legal and security reasons, including billing and accounting records, logs for security and misuse detection, and data necessary for the establishment, exercise or defence of legal claims, for the relevant retention or limitation periods.
De‑linked device data:
Device activity records may be stored permanently in a form that is no longer associated with any personal data once the relevant account is deleted. Such de‑linked data is used for safety, maintenance and product‑development purposes and is no longer personal data.
Backups:
Changed or deleted personal data may remain in security backups for a limited period until those backups are overwritten or securely deleted on schedule.
This overview summarises key purposes, categories of personal data and main legal bases. Detailed definitions follow Zaptec’s internal data processing protocol.
Operate and improve websites and apps
• Categories: IP address, device and browser data, operating system, cookies and usage data, log data.
• Legal bases: legitimate interests (for essential cookies, basic analytics, optimisation and security), consent (for non‑essential cookies and similar technologies).
Process purchases and handle finances
• Categories: identity and contact data, billing and delivery details, payment and invoice data, purchase history, product type and serial numbers, correspondence about purchases.
• Legal bases: contract (purchase and related services), legal obligations (for example, bookkeeping and tax legislation), legitimate interests in ensuring timely payment and managing disputes.
Install and activate Zaptec chargers
• Categories: charger and installation identifiers, basic site and location information, installation configuration data, basic account and contact data where linked to a Zaptec account.
• Legal bases: legal obligations (for example, product and electrical‑safety, warranty and other regulatory requirements), legitimate interests in operating safe and reliable products and installations, preventing misuse and improving the safety and quality of our chargers and services.
Provide and manage Zaptec accounts
• Categories: identity and contact data, installation address, login and authentication data, user groups and permissions, RFID tags and identifiers, linked charger and device identifiers, preferences and profile settings.
• Legal bases: contract (to provide your account and enable use of Zaptec Products and Cloud Services), legitimate interests (for example, in securing accounts, preventing misuse and improving the service), legal obligations (for example, where account data forms part of records we must keep for accounting or compliance).
Run Zaptec Products and Cloud Services and smart functions
• Categories: account data, charger settings and configuration, site data, charger activity and telemetry data, device identifiers, user identifiers (including RFID tags and account IDs), data about connected third‑party operators, Zaptec Sense energy‑meter readings and detailed consumption and history where installed.
• Legal bases: contract (to deliver Zaptec Products and Cloud Services and core smart features), legitimate interests (in monitoring and improving quality and performance, ensuring safety and preventing abuse and misuse), legal obligations (where certain records must be retained for safety, regulatory or product‑liability reasons).
Operate flex and rewards / energy programmes
• Categories: account and contact data, charger and site configuration relevant to the programme, charger activity and consumption data, flex configuration and rewards data, tariff and grid‑related data from energy‑sector actors, communication and preference data, bank account numbers and other payout details where needed to pay rewards.
• Legal bases: legitimate interests in operating and stabilising energy systems, administering and documenting participation in flex and rewards or other energy programmes, and improving Zaptec Products and Cloud Services; legal obligations where applicable energy‑sector, market, accounting, tax or other rules require processing or retention of programme, metering or transaction data; and, for participants who have accepted the applicable Terms of Use, become entitled to financial rewards and provided bank or other payout details, contract for calculating, documenting and paying out those rewards.
Provide support and warranty services
• Categories: contact details, address and site information, product and serial numbers, logs, diagnostics and energy-meter readings relevant to issues, case and return numbers, correspondence, call recordings where consented.
• Legal bases: contract (to provide support and warranty services), legitimate interests (in improving and adapting Zaptec Products and Cloud Services and ensuring safe operation), consent (for optional call recordings for quality and training).
Provide product information, marketing, surveys and competitions
• Categories: contact data, role and company, information about the Zaptec Products and Cloud Services you use, interaction history, purchase history, survey and competition responses, interests and preferences.
• Legal bases: legitimate interests in administering existing customer relationships and providing product information and certain B2B marketing about Zaptec Products and Cloud Services, consent for electronic marketing where required by law and for voluntary surveys, competitions and similar activities.
Provide Zaptec Academy training
• Categories: identification or pseudonym, contact details, country and language, company and team details, course participation and completion history, supervisor links.
• Legal bases: legitimate interests in promoting safe and correct installation and use of Zaptec products, contract where Zaptec Academy training is part of a broader service or agreement.
Connect to professional sites and third‑party services
• Categories: information about which CPOs, fleet or energy services and other third‑party services are connected to a charger or site, and the charger activity, settings and site data that are shared as part of those integrations.
• Legal bases: contract (with professional customers and operators who use Zaptec Products and Cloud Services to deliver their own services), legitimate interests (in enabling integrations, roaming, fleet and energy services and correct allocation and invoicing of such services), legal obligations where applicable sector rules require processing or reporting.
Close accounts and phase out data
• Categories: relevant subsets of account, product, charging, billing, support and log data as described above.
• Legal bases: legal obligations (for example, accounting, tax, safety and regulatory requirements), legitimate interests (for example, in handling complaints and legal claims and maintaining security and integrity of systems).
Comply with legal obligations and handle claims
• Categories: relevant data from the above categories as needed for accounting, tax, safety, regulatory requests, internal control, audits and legal claims.
• Legal bases: legal obligations, legitimate interests, establishment, exercise or defence of legal claims.
Produce aggregated statistics and improvements
• Categories: anonymised or pseudonymised usage and performance data derived from products, services and websites.
• Legal bases: legitimate interests; once data is fully anonymised, it is no longer personal data.
We may share personal data within the Zaptec group where this is necessary to provide services, for internal administration, support, hosting and security, based on intra‑group arrangements and appropriate safeguards.
We use carefully selected service providers to deliver IT hosting, analytics, communications, customer support tools, marketing platforms and similar services. These providers act as processors and may only process personal data on our instructions and subject to confidentiality, security and data protection obligations.
Examples include:
We share personal data, where relevant, with:
These parties act as independent controllers for their own processing and have their own legal bases and retention periods. Their privacy information will explain their processing in more detail.
We may also receive personal data about you from these parties, such as contact details and installation information provided by installers, or charging session data from CPOs.
Where required or permitted by law, we may disclose personal data to:
Some of our service providers and partners are located outside the EEA, the UK or Switzerland, or process data from those locations.
When personal data is transferred to countries without an adequacy decision from the European Commission, the UK Government or the Swiss Federal Council, we implement appropriate safeguards, such as:
You can contact us for more information about the specific safeguards that apply to your data and, where appropriate, obtain a copy of the relevant transfer mechanism.
We keep personal data only for as long as necessary for the purposes defined in our internal data processing protocol and summarised in this Policy, and then delete or anonymise it.
In general:
Where deletion is not immediately possible (for example, in backups), data is securely isolated and removed when the backup is overwritten or expires.
If we process your personal data based on consent, we delete that data if you withdraw your consent, unless another legal bases applies. In some cases, we may anonymise data instead of deleting it, by removing all identifying characteristics so that it can no longer be linked to an individual.
You have a number of rights in relation to our processing of your personal data. Which rights apply in a specific case depends on the circumstances and applicable law.
You can request confirmation of whether we process personal data about you, and receive a copy of that data together with further information about our processing.
You can ask us to correct or complete inaccurate or incomplete personal data.
You can ask us to delete your personal data in certain situations, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal bases. We will respect and comply with your request where legal requirements and our legitimate interests allow it.
You can request that we restrict the processing of your personal data in certain circumstances, for example while we are assessing an objection or a request for rectification. If processing is restricted, we will, apart from storage, process the data only with your consent or where we are otherwise permitted to do so by law (for example, for legal claims or to protect another person).
Note that certain product features rely on continuous connectivity and data flows. Restricting some processing may affect how you can use Zaptec Products and Cloud Services.
You can object at any time to:
For marketing, we will always stop processing when you object. For other legitimate‑interest processing, we will stop unless we can demonstrate compelling legitimate grounds that override your interests or the processing is necessary for the establishment, exercise or defence of legal claims.
Where we process your personal data based on your consent or a contract, and the processing is carried out by automated means, you can ask to receive the data in a structured, commonly used and machine‑readable format, or ask us to transmit it to another controller where technically feasible.
Where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal, but we will stop the processing that was based on consent unless another legal bases applies.
If you are in Switzerland, you have comparable rights under the New Federal Act on Data Protection (nFADP), including rights to information and to object to certain processing, as well as transparency regarding profiling where relevant.
If you are in Thailand, you have comparable rights under the Personal Data Protection Act B.E. 2562 (2019) (Thai PDPA), including rights to access and obtain a copy of your personal data, request rectification or deletion, and object to or restrict certain processing.
To exercise your rights, contact us using the details in section 2. We may need to request additional information to verify your identity before handling your request. Some rights are subject to exceptions and limitations under applicable law and may not apply in all circumstances. Further information is available from your local data protection authority.
We do not currently make decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Smart features such as load balancing and scheduling are designed to optimize charging but generally do not restrict your access to services or affect your legal rights.
Zaptec is responsible for implementing appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.
Measures typically include:
We regularly review and adapt our security measures in light of technological developments and risk assessments.
If you have questions or concerns about how we process your personal data, please contact us first using the details in section 2. We will do our best to resolve your concerns.
You also have the right to lodge a complaint with a supervisory authority, in particular with:
Contact details and further information about your rights are available on the websites of these authorities.
At the time of this revision of the Privacy Policy, our processing of personal data is primarily governed by the following privacy laws (depending on where you are located and how you use our services):
Other privacy laws also apply, and as we expand our operations or as legislation changes, additional relevant laws will be reflected in future revisions of this Privacy Policy.
We may update this Privacy Policy from time to time, for example if our processing activities, products, services, technical infrastructure or applicable laws change.
The latest version is always available on our website. For significant changes, we will provide additional notice, for example through the Zaptec Portal, the app or by email, where appropriate.
Revised 07/05/2026