Effective date: 22 July 2025
Last updated: 22 July 2025
Who we are
Iskraemeco Portugal, Lda. (“
Iskraemeco”, “
we”, “
us” or “
our”) is a company registered at
Rua Santos Pousada, N.º 157 – 4.º, Sala 17 4000–485 Porto. We operate the Iskraemeco eMobility mobile applications for iOS and Android, including the
Spectre app, the eMobility web portal, and the public website
https://www.iskraemeco-emobility.com (together, the “Services”).
- General privacy enquiries:
info.pt@iskraemeco.comScope of this Policy
This Policy covers personal data processed when you:
- Visit the Site (
https://iskraemeco-emobility.com);
- Use any Iskraemeco eMobility App, including the Spectre App, downloaded from the Apple App Store or Google Play Store (the “App”);
- Interact with our cloud APIs or customer support channels that link to this Policy.
If a particular service links to a different privacy notice, that notice will prevail for that service.
What data we collect
We collect only the categories shown below. If a data point is optional, we will say so when requesting it.
| Category |
Examples |
How we collect |
Purpose |
Retention |
| Account & Contact |
Name, e‑mail, phone, postal address |
You provide in App/Site forms |
Create/manage account, service messages, support |
Deleted 30 days after account deletion or 24 months of inactivity |
| Authentication |
Encrypted password, OAuth/Apple ID/Google ID token |
When you sign in |
Secure login |
Deleted with account |
| Identifiers |
Device ID, advertising ID (AAID/IDFA), IP, push‑token |
Collected automatically |
Fraud prevention, push notifications, analytics |
Logs 90 days; push‑token removed when you disable pushes |
| Precise location (GPS) |
Charger coordinates, real‑time position |
Only if you grant permission |
Show nearby chargers, start session |
Stored on device; session location kept 10 years (tax records) |
| Usage & diagnostics |
Screen views, taps, crash logs |
Firebase Crashlytics, Apple App Analytics |
Improve stability & UX |
Diagnostics 90 days; aggregated stats 24 months |
| Payment & transactions |
Tokenised card ID, receipts, VAT No., currency |
Apple Pay / Google Play Billing / Stripe |
Process payments, comply with accounting law |
Financial data 10 years |
| Marketing preferences |
Newsletter opt‑in, consent flags |
You set in Settings or e‑mail |
Send product news |
Deleted immediately on opt‑out |
We do not: (a) read your contacts, photos or clipboard; (b) use third‑party advertising SDKs; (c) knowingly collect data from children under 13.
Legal bases (GDPR Art. 6)
- Contract – perform the Terms of Service.
- Legal obligation – keep tax/transaction records.
- Legitimate interest – secure and improve the Services.
- Consent – for location, analytics, marketing and push notifications. You can withdraw consent in App → Settings → Privacy or by contacting us.
How we share data
We share personal data only with:
- Processors bound by Art. 28 GDPR contracts (cloud hosting on Microsoft Azure EU, Stripe Payments Europe, Apple/Google for in‑app payments, Firebase Crashlytics, SendGrid e‑mail service).
- Iskraemeco group companies (intra‑group data protection agreement).
- Public authorities when legally required.
- Successors in corporate restructuring (we will notify you).
We never sell data or allow third‑party ads.
International transfers
Where data is transferred outside the EEA we rely on:
- Adequacy decisions (e.g. Switzerland, UK) or
- The EU Standard Contractual Clauses with supplementary safeguards.
Your rights
You have the right to
access,
rectify,
erase,
restrict,
object,
port, and
withdraw consent. To exercise a right:
- Use the in‑App controls (
Settings → Privacy & Security), or
- E‑mail
info.pt@iskraemeco.com.
We respond within
30 days. You may complain to the Portuguese Data Protection Authority (CNPD) or your local regulator.
Account & data deletion (App Store / Play Policy)
From 31 January 2022 (Apple) and 31 May 2024 (Google) we must let you delete your account inside the App:
App → Settings → Account → Delete My Account
- Account and authentication data: immediate deletion.
- Transaction records: retained 10 years, pseudonymised.
- Push‑token and location data: removed within 24 hours.
Cookies & similar tech
The Site uses only first‑party session cookies and preference cookies. See our Cookie Policy for details. The Apps do not use cookies but may store secure local preferences.
Security
We apply ISO 27001‑aligned controls including TLS 1.3, AES‑256 encryption at rest, Argon2id password hashing, RBAC, regular penetration testing and 24/7 monitoring. No system is 100 % secure but we endeavour to minimise risk.
Changes to this Policy
We may update this Policy. Material changes will be announced in‑App and on the Site 14 days before they take effect. Continued use after the effective date means acceptance.
