Privacy Policy
How we collect, use, and protect your personal information.
GuestCharge • Privacy Policy • Compliant with UK GDPR
1. INTRODUCTION
1.1 About This Policy
This Privacy Policy ("Policy") explains how KD Industries Ltd, a company registered in England and Wales (Company No. 16052026), trading as "GuestCharge" ("we", "us", "our"), collects, uses, shares, and protects personal data when you use our platform, website, and services (collectively, the "Service").
We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.
1.2 Data Controller Information
For the purposes of data protection law, GuestCharge is the Data Controller for personal data collected through the Platform, except where explicitly stated otherwise in this Policy.
Contact Details:
| Role | Contact |
|---|---|
| Data Protection Officer | team@kdenergy.co.uk |
| General Enquiries | team@kdenergy.co.uk |
| Postal Address | 69 Marlborough Place, London, NW80PT, United Kingdom |
1.3 Scope
This Policy applies to:
(a) Visitors to our website at guestcharge.co;
(b) Users of our web application at app.guestcharge.co;
(c) Hosts who register Charging Equipment on the Platform;
(d) Guests who use the Platform to access charging services; and
(e) Anyone who contacts us or interacts with our services.
2. DATA WE COLLECT
2.1 Information You Provide
2.1.1 Account Registration (Hosts)
| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, date of birth | Account creation, identity verification |
| Contact Data | Email address, phone number, postal address | Communications, service delivery |
| Financial Data | Bank account details (via Stripe) | Payout processing |
| Verification Data | Identity documents (processed by Stripe) | Regulatory compliance, fraud prevention |
2.1.2 Account Registration (Guests)
Guests may use the Service without creating a full account. We collect:
| Data Category | Examples | Purpose |
|---|---|---|
| Contact Data | Email address (optional) | Session receipts |
| Payment Data | Payment card details (processed by Stripe) | Transaction processing |
2.1.3 Charger Registration (Hosts)
| Data Category | Examples | Purpose |
|---|---|---|
| Location Data | Charger address, GPS coordinates | Service functionality, Guest discovery |
| Equipment Data | Charger model, serial number, power output, connector types | OCPP integration, compatibility display |
| Pricing Data | Price per kWh | Transaction calculation |
2.1.4 Communications
| Data Category | Examples | Purpose |
|---|---|---|
| Correspondence | Emails, chat messages, support tickets | Customer support, dispute resolution |
| Feedback | Reviews, ratings | Service improvement, trust and safety |
2.2 Information Collected Automatically
2.2.1 Usage Data
When you use the Service, we automatically collect:
| Data Category | Examples | Purpose |
|---|---|---|
| Device Information | Device type, operating system, browser type | Service optimisation, security |
| Log Data | IP address, access times, pages viewed | Security monitoring, debugging |
| Session Data | Charging session timestamps, duration, energy consumed | Billing, analytics |
| OCPP Data | Charger status, connection logs, meter readings | Service functionality |
2.2.2 Location Data
We collect location data as follows:
| User Type | Location Data Collected | Purpose | Your Control |
|---|---|---|---|
| Hosts | Charger address (manual entry), GPS coordinates | Charger discovery by Guests | Required for service |
| Guests | IP-based approximate location | Show nearby chargers | Can disable, limits functionality |
We do not track Guest movement or store continuous location history.
2.2.3 Cookies and Similar Technologies
We use cookies and similar technologies for:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication, security, load balancing | Session |
| Functional | Remember preferences, language settings | Persistent |
| Analytics | Understand usage patterns, improve service | Persistent |
For detailed information, see Section 11 (Cookie Policy) below.
2.3 Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| Stripe | Identity verification results, payout status | Regulatory compliance, Host onboarding |
| Fraud Prevention Services | Risk scores, device fingerprinting | Security |
3. HOW WE USE YOUR DATA
3.1 Lawful Bases for Processing
We process your personal data only where we have a valid legal basis:
| Lawful Basis | Processing Activities |
|---|---|
| Contractual Necessity (Article 6(1)(b) UK GDPR) | Account management, charging sessions, payments, payouts, customer support |
| Legal Obligation (Article 6(1)(c) UK GDPR) | Tax record retention (6 years), fraud prevention, law enforcement requests |
| Legitimate Interests (Article 6(1)(f) UK GDPR) | Security monitoring, service improvement, analytics, direct marketing (to existing customers) |
| Consent (Article 6(1)(a) UK GDPR) | Marketing communications (where consent required), optional cookies |
3.2 Specific Processing Purposes
3.2.1 Service Delivery
- Creating and managing user accounts
- Facilitating charging sessions between Hosts and Guests
- Processing payments and Host payouts
- Sending transactional notifications (session receipts, payment confirmations)
- Providing customer support
3.2.2 Security and Fraud Prevention
- Monitoring for suspicious activity
- Preventing and investigating fraud
- Enforcing our Terms and Conditions
- Protecting the safety of users
3.2.3 Legal Compliance
- Responding to lawful requests from authorities
- Maintaining records for tax and accounting purposes
- Complying with anti-money laundering obligations
3.2.4 Service Improvement (Legitimate Interest)
- Analysing usage patterns to improve the Platform
- Conducting research and development
- Testing new features
3.2.5 Marketing (with appropriate basis)
- Sending promotional communications (with consent or where permitted under PECR for existing customers)
- Personalising your experience
You can opt out of marketing communications at any time by:
- Clicking "unsubscribe" in any marketing email
- Adjusting your notification preferences in account settings
- Contacting us at team@kdenergy.co.uk
3.3 Legitimate Interests Assessment
Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights. Key considerations include:
| Processing Activity | Our Interest | Safeguards |
|---|---|---|
| Security monitoring | Protect platform and users | Automated systems, limited human review, data minimisation |
| Analytics | Improve service | Aggregated/anonymised where possible |
| Direct marketing (existing customers) | Grow business | Easy opt-out, limited frequency |
You have the right to object to processing based on legitimate interests. Contact us at team@kdenergy.co.uk.
4. DATA SHARING
4.1 Sharing with Other Users
| User Type | Data Shared | With Whom | Purpose |
|---|---|---|---|
| Hosts | Charger location (address), pricing, availability | Guests (publicly visible) | Service functionality |
| Hosts | Name (optional) | Guests using their charger | Trust and safety |
| Guests | Email (if provided) | Host (only after session) | Communication regarding session |
4.2 Third-Party Service Providers (Processors)
We share data with service providers who process data on our behalf:
| Provider | Data Shared | Purpose | Location | Safeguards |
|---|---|---|---|---|
| Stripe, Inc. | Payment data, identity verification data, bank details | Payment processing, Host onboarding, payouts | US (with EU/UK data centres) | Standard Contractual Clauses, DPA |
| Amazon Web Services (AWS) | All Platform data (encrypted) | Cloud hosting, data storage | EU-WEST-2 (London) | AWS DPA, encryption at rest and in transit |
| Monitoring/Analytics Providers | Usage data, device information | Performance monitoring, analytics | Various | DPAs in place |
Note: Your payment card details are processed directly by Stripe and are never stored on our servers.
4.3 Controller-to-Controller Sharing
In certain circumstances, we share data with parties who act as independent Data Controllers:
| Recipient | Data Shared | Purpose | Their Role |
|---|---|---|---|
| Hosts | Guest session data, email (if provided) | Dispute resolution, compliance with their legal obligations | Controller for data relating to their property/business |
| Law Enforcement | As required by law | Legal compliance | Controller |
| Tax Authorities | Transaction records | Tax compliance | Controller |
4.4 Hosts as Controllers
Important: When Guests charge at a Host's location, the Host may become a Data Controller for certain personal data relating to that interaction (such as the fact that a specific Guest used their charger, session timing, and energy consumed).
Hosts are responsible for their own compliance with data protection laws for any data they collect or receive through the Platform. GuestCharge provides Hosts with only the minimum data necessary for service delivery and dispute resolution.
4.5 Business Transfers
If GuestCharge is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any such change and any choices you may have.
4.6 Legal Requirements
We may disclose personal data where required by law or where we believe disclosure is necessary to:
- Comply with a legal obligation
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the safety of users or the public
- Protect against legal liability
5. DATA RETENTION
5.1 Retention Periods
We retain personal data only for as long as necessary:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account data (active users) | Duration of account + 6 years | Legal obligation (financial records) |
| Account data (deleted accounts) | Anonymised within 30 days; aggregated records for 6 years | Regulatory compliance |
| Charging session data | 6 years from session date | HMRC tax record requirements |
| Payment transaction data | 6 years | Legal obligation |
| Support correspondence | 3 years from resolution | Customer service, legal claims |
| Marketing consent records | Duration of consent + 3 years | Demonstrating consent |
| Security logs | 12 months | Security monitoring |
| Charger location data | Until Host removes charger or closes account | Service functionality |
5.2 Anonymisation
Where we retain data for analytics or historical purposes beyond the retention period, we anonymise or aggregate the data so that it can no longer identify you.
5.3 Soft Deletion
When you request account deletion:
- Your account is immediately marked as inactive ("soft delete")
- Personal data is anonymised within 30 days
- Transaction records are retained (with personal identifiers removed) for 6 years
- Backups are overwritten according to our backup schedule (maximum 90 days)
6. INTERNATIONAL TRANSFERS
6.1 Where Data is Processed
Your personal data is primarily stored and processed in the United Kingdom (AWS eu-west-2, London).
Some of our service providers may process data outside the UK:
| Provider | Location | Transfer Mechanism |
|---|---|---|
| Stripe | United States | UK-US Data Bridge, Standard Contractual Clauses |
| AWS | Within EU/UK | N/A (UK data residency maintained) |
6.2 Safeguards
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries the UK has deemed to have adequate protection
- Standard Contractual Clauses (SCCs): Approved contractual terms with data protection commitments
- Additional Technical Measures: Encryption in transit and at rest
You can request a copy of the relevant transfer mechanism by contacting team@kdenergy.co.uk.
7. YOUR RIGHTS
7.1 Summary of Rights
Under UK GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Request correction of inaccurate data |
| Erasure ("Right to be Forgotten") | Request deletion of your data in certain circumstances |
| Restriction | Request limited processing of your data |
| Data Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent | Where processing is based on consent, withdraw it at any time |
| Automated Decision-Making | Not be subject to decisions based solely on automated processing with legal or significant effects |
7.2 How to Exercise Your Rights
7.2.1 Self-Service
Many rights can be exercised through your account settings:
- Download your data (data portability)
- Update your information (rectification)
- Delete your account (erasure)
- Manage marketing preferences
7.2.2 Contact Us
For requests you cannot complete yourself:
Email: team@kdenergy.co.uk
Subject Line: "Data Subject Request – [Right]"
Include:
- Your full name
- Email address associated with your account
- Description of your request
- Any relevant details
7.2.3 Response Times
We will respond to valid requests within one (1) month. This period may be extended by up to two (2) additional months for complex requests, in which case we will inform you within the first month.
7.3 Identity Verification
To protect your data, we may need to verify your identity before processing requests. We will never ask for unnecessary information.
7.4 Limitations
Your rights may be limited in certain circumstances, for example:
- Where we need to retain data for legal compliance
- Where erasure would prejudice ongoing legal proceedings
- Where data is necessary to establish, exercise, or defend legal claims
We will explain any limitations when responding to your request.
7.5 Complaints
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us at team@kdenergy.co.uk.
8. SECURITY
8.1 Technical Measures
We implement appropriate technical measures to protect your personal data:
| Measure | Description |
|---|---|
| Encryption in Transit | TLS 1.2+ for all data transmission |
| Encryption at Rest | AES-256 encryption for stored data |
| Access Controls | Role-based access, multi-factor authentication for staff |
| Secure Infrastructure | AWS infrastructure with security certifications (ISO 27001, SOC 2) |
| Regular Testing | Penetration testing, vulnerability scanning |
8.2 Organisational Measures
| Measure | Description |
|---|---|
| Staff Training | Data protection training for all employees |
| Policies | Internal data protection and security policies |
| Vendor Assessment | Due diligence on third-party processors |
| Incident Response | Documented procedures for security incidents |
8.3 Your Responsibilities
You are responsible for:
- Keeping your account credentials confidential
- Using strong, unique passwords
- Logging out from shared devices
- Reporting any suspected unauthorised access
8.4 Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the ICO within 72 hours where required
- We will notify affected individuals without undue delay where there is a high risk
- We maintain a breach register documenting all incidents
9. SPECIFIC PROCESSING ACTIVITIES
9.1 Location Data
9.1.1 Host Location Data
| What We Collect | Why | How Long |
|---|---|---|
| Charger address | Display to Guests for discovery | Until charger removed |
| GPS coordinates | Map display, distance calculation | Until charger removed |
This data is essential for the Service and cannot be made private while chargers are listed.
9.1.2 Guest Location Data
| What We Collect | Why | How Long |
|---|---|---|
| IP-based approximate location | Show nearby chargers | Session only |
We do not:
- Track Guest movement over time
- Access precise GPS location from Guest devices
- Share Guest location with Hosts
9.2 Payment Data
All payment card data is processed directly by Stripe. GuestCharge does not have access to full card numbers. We receive only:
- Last four digits of card number
- Card type and expiry month/year
- Transaction confirmation/status
For Host payouts, bank details are stored by Stripe as part of their Connect service.
9.3 OCPP Communication Data
Our Platform communicates with OCPP-enabled chargers. We collect:
- Charger status updates
- Meter readings
- Session start/stop events
- Error codes and diagnostics
This data is necessary for service functionality and billing accuracy.
9.4 Automated Decision-Making
We use automated processing for:
| Activity | Purpose | Human Oversight |
|---|---|---|
| Fraud detection | Block suspicious transactions | Flagged cases reviewed by staff |
| Risk scoring | Prevent abuse | Scores inform, not determine, decisions |
We do not make decisions with legal or similarly significant effects based solely on automated processing without human review.
10. CHILDREN'S PRIVACY
The Service is not intended for individuals under eighteen (18) years of age. We do not knowingly collect personal data from children.
If we become aware that we have collected data from a child, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at team@kdenergy.co.uk.
11. COOKIE POLICY
11.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners. Similar technologies include web beacons, pixel tags, and local storage.
11.2 How We Use Cookies
GuestCharge uses cookies and similar technologies for the following purposes:
11.2.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function and cannot be switched off. They include:
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| Session ID | GuestCharge | Maintains your authenticated session | Session (expires on browser close) |
| CSRF Token | GuestCharge | Security - prevents cross-site request forgery | Session |
| Load Balancer | AWS | Ensures reliable service delivery | Session |
Without these cookies, the Platform cannot function properly.
11.2.2 Functional Cookies
These cookies enable enhanced functionality and personalisation:
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| Preferences | GuestCharge | Remembers your settings and preferences | 1 year |
| Language | GuestCharge | Stores your language preference | 1 year |
11.2.3 Analytics Cookies
These cookies help us understand how visitors interact with our Platform:
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years |
| ga* | Google Analytics | Stores session state | 2 years |
| _gid | Google Analytics | Distinguishes users | 24 hours |
Analytics data is anonymised where possible and is used only to improve our service.
11.3 Third-Party Cookies
Some cookies are placed by third-party services that appear on our pages:
| Provider | Purpose | More Information |
|---|---|---|
| Stripe | Fraud prevention, payment security | Stripe Privacy Policy |
| Google Analytics | Usage analytics | Google Privacy Policy |
11.4 Managing Cookies
11.4.1 Browser Settings
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
Note: Blocking all cookies will affect the functionality of this and many other websites.
11.4.2 Browser-Specific Instructions
| Browser | Instructions |
|---|---|
| Chrome | Settings > Privacy and Security > Cookies |
| Firefox | Settings > Privacy & Security > Cookies |
| Safari | Preferences > Privacy > Cookies |
| Edge | Settings > Privacy, search and services > Cookies |
11.4.3 Opt-Out Links
You can opt out of analytics cookies using these links:
- Google Analytics: tools.google.com/dlpage/gaoptout
11.5 Do Not Track
Some browsers include a "Do Not Track" (DNT) feature. There is currently no industry standard for interpreting DNT signals, and we do not currently respond to DNT signals.
11.6 Updates to This Cookie Policy
We may update this Cookie Policy from time to time. Changes will be reflected in the "Last Updated" date of this Privacy Policy.
12. CHANGES TO THIS POLICY
We may update this Policy from time to time. Changes will be communicated through:
- Email notification to your registered address
- Prominent notice on the Platform
- Update to the "Last Updated" date
Material changes affecting your rights will be notified at least thirty (30) days before taking effect.
Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.
13. CONTACT US
KD Industries Ltd (trading as GuestCharge)
| Purpose | Contact |
|---|---|
| Data Protection Enquiries | team@kdenergy.co.uk |
| General Support | team@kdenergy.co.uk |
| Legal Notices | team@kdenergy.co.uk |
Postal Address:
Data Protection Officer
KD Industries Ltd
69 Marlborough Place, London, NW80PT, United Kingdom
Company Registration Number: 16052026
14. ADDITIONAL INFORMATION FOR EEA/EU USERS
If you are located in the European Economic Area:
- Our EU Representative is: Not required (centrally managed in the UK)
- Transfers to the UK are covered by the EU adequacy decision for the UK
- You may contact your local data protection authority for complaints
BY USING THE GUESTCHARGE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Last Updated: 19 January 2026
For data protection enquiries, contact us at team@kdenergy.co.uk