top of page

Privacy Policy

Customer Privacy Statement

Customer Privacy Statement | in-charge Ev 
1. Who we are

This privacy statement will inform you as to how in-charge ("in-charge", "we", "us" or "our"), as data controller, processes your personal information when you visit our websites or apps (the "Digital Asset"), make contact with us and/or use our products and services and tell you about your privacy rights and how the law protects you.

2. Contact us
If you have any questions about this privacy statement or our privacy practices in connection with the Digital Asset, please contact us by email at: If you are located in the EEA, Switzerland or the UK, you can get in touch with our Data Protection Officer (DPO) using the above information. 

3. The types of personal information we collect
Personal information, or personal data, means any information about an individual from which that person can be identified, whether directly or indirectly. As part of your visit to our Digital Asset and/or your receipt of products or services provided via the Digital Asset, in-charge may process the following personal information relating to you. 

Biographical and Contact Data such as name, telephone number and postal or email address, gender; marital status;

Account Credentials such as your username and your password;

Transaction Data such information may include details of transactions you carry out through our channels, of the fulfilment of the services we provide and payment details;

Professional Data such as job title, company name, company email address, business phone number, business address;

Preference Data such as any marketing or usage preferences you provide us or that we may infer from the other data provided to us;

Correspondence. If you contact us, we will typically keep a record of that correspondence. This may include telephone calls, which we record to assist us in training our staff and undertaking quality checks; and

Digital Asset Usage Data such as IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Digital Assets. When you visit our Digital Asset, cookies (and similar technologies) are used to collect information about your Digital Asset usage. You can set your browser to refuse all or some browser cookies, or to alert you when Digital Assets set or access cookies. If you disable or refuse cookies, please note that some parts of this Digital Asset may become inaccessible or not function properly. For more information about the cookies we use, please refer to our Cookie Statement.

You may provide this information to us or we may obtain this information from other sources, such as from third parties and publicly available data sources. We may also generate this information about you e.g. through the creation of a file with your customer records and contact history.

4. What we intend to do with the personal information
When we use your personal information for the purposes outlined in this privacy statement, we ensure that we have a lawful basis to do so. Under the UK and EU GDPR and where applicable in other jurisdictions, we will generally rely on one or more of the following lawful bases:

Performance of the contract we have with you for the provision of our services. [This contract is governed by our applicable Terms and Conditions;

Legitimate interest: This is relevant where we use your personal information where it is necessary for our (or a third party’s) legitimate interests and those interests do not override your rights;

Compliance with law or regulation: This is relevant where we use your personal information where it is necessary to comply with applicable laws; and

Consent: This is relevant where we need your consent to use your personal information. However, we do not usually need your consent. Where specifically identified elsewhere in this privacy statement, you may be able to withdraw your consent to certain types of processing.

Your personal information may be stored and processed by us in the following ways and for the following purposes (we have also set out the UK and EU GDPR lawful basis that apply for each): click here to view

You may choose not to provide us with your personal information. However, if you choose not to provide your personal information, we may not be able to provide you with certain of our services.


We may apply profiles to you based on the personal information set out above. Such profiles may be used to personalize the Digital Asset or services, decide what to advertise to you and/ or as part of security threat detection and prevention.

5. The recipients (or categories of recipients) of the personal information 
Intragroup sharing

We may share your personal information with other entities within the bp Group as part of our business operations, including with our parent company bp PLC, headquartered in the United Kingdom. 

Social media platform

Legal and regulatory disclosures

We may disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and / or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on in-charge. We may also share your personal information in connection with legal proceedings. These bodies may be situated outside of your jurisdiction. 

6. Your Data Protection Rights
Under certain circumstances (and subject to exemptions) you have rights under data protection laws in relation to your personal information. If you wish to exercise any of the rights set out below, please contact us. You have the right to:

Request access to your personal information.  Where applicable, you are entitled to receive a copy of personal information we hold about you.

Request correction of the personal information that we hold about you. You may request that we correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal information we hold about you is accurate and current. Please contact us to update us in the event of any changes to your personal information.

Request erasure of your personal information. You may request that we delete or remove personal information where there is no overriding reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law.

Object to processing of your personal information. Where we are relying on legitimate interests, you have the right to object to processing of your personal data where you consider that the processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue to process your personal information and if this is the case, we will inform you.

Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:

If you want us to establish the data's accuracy;

Where our use of the data is unlawful but you do not want us to erase it;

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and/or

You have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to continue to process it.

Request the transfer of certain of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to information you provided to us and which we process on the basis of consent or where it is necessary to perform a contract with you.

Withdraw consent where we are relying on consent to process your personal information. Withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complain to the data protection regulatory authority. You have the right to complain to the relevant  data protection supervisory authority (regulator) at any time. If possible, we would appreciate the chance to deal with your concerns before you approach the relevant data protection regulator, so please contact us in the first instance. Additionally, certain regulators encourage you to contact us as the data controller in the first instance, please refer to any guidance produced by the relevant regulator in this regard.  If you are located in the EEA/Switzerland/UK, see below for more information about identifying the relevant regulator.

7. Retention period, or alternatively, the criteria used to determine that period
How long we will hold your personal information for will vary and will be determined by the purpose for which we are using it. We will need to keep the data for as long as is necessary for that purpose in line with our business needs, [as documented in our Global Records Retention Schedule]. These may vary between jurisdictions.  [For example, if you are located in the UK and we have a contract with you, we will typically retain your personal information for a period of 6 years following termination of that contract, unless litigation is anticipated when we will keep it longer.] Additionally, there may be laws or regulation which set a minimum period for which we have to keep your personal information. We will only hold your information for the defined retention period, before anonymizing the information or deleting it. Anonymising the personal information means making it so that it can no longer be identifiable to you personally. This can be achieved either by aggregating the data (for example, to make a finding about a group of people as opposed to a specific individual) or by removing any personal identifiers (for example, contact information) so that it can still be used to identify trends and patterns but cannot be linked back to a specific individual.

If you would like further information in connection with the retention period that is applicable to your personal information held for a specific purpose, please contact us.

For retention periods relating to cookie data specifically, please refer to our Cookies statement.

If you choose to unsubscribe from a service, we may keep a ‘suppression list’ containing your details so we know you have unsubscribed and to ensure you are not contacted again. Your personal information held on a suppression list will not be used for any other purpose.

8. Third-party websites we link to 
This Digital Asset may contain links to Digital Assets or content provided by other third parties which are outside our control and are not covered by our privacy statement. Interacting with that content may allow third parties to collect or share data about you. We encourage you to read those providers’ own privacy statements.

9. Changes to this privacy statement
This privacy statement became effective on 19/10/2023 and was last reviewed in 10/2023

bottom of page