Privacy Policy

    At Joulo, transparency is key • including when it comes to your data. When you visit our website, create an account or connect your charger, we receive information about you. This privacy policy explains clearly what we do with it and how we keep your data safe.

    Last updated: 10 June 2026

    1. When does this privacy policy apply?

    This privacy policy applies to all personal data processed by Joulo, through www.joulo.nl or other related channels. It applies to everyone who visits our website or has been in contact with us • from a first website visit to active customers collecting ERE credits through Joulo.

    Personal data is any data that can be traced back to you as an individual, such as your name, phone number, IP address, customer number or browsing behaviour. For more information, visit the website of the Dutch Data Protection Authority.

    2. Who uses my data?

    Joulo B.V. is responsible for the website www.joulo.nl and is therefore the organisation responsible for the use of your personal data as described in this privacy policy.

    Joulo B.V.

    Windheuvelstraat 10

    6971 JV Brummen

    The Netherlands

    CoC: 42023359

    VAT: NL869344109B01

    Email: info@joulo.nl

    3. Whose data do we process?

    We process the personal data of everyone who has been in contact with us or visited our website. This includes visitors, customers and contacts of our partners.

    4. How do we obtain your data?

    We receive your data directly from you when you:

    • visit our website
    • create an account on our platform
    • connect your charger or kWh meter to Joulo
    • enter information on our website
    • contact us via email, phone or other means
    • give consent for use of your data through one of our partners

    5. What data do we use?

    Below is a breakdown per category of the data we process and why:

    Identity & contact

    • First and last name
    • Home or business address (street, house number, postal code, city)
    • Email address
    • Phone number

    Payment details

    • IBAN account number • used exclusively for paying out ERE earnings. Your IBAN is stored encrypted in a secure vault and is not visible to staff.

    Charging data

    • kWh per charging session (automatically read via your charger integration)
    • Start and end time of charging sessions
    • Meter reading (Wh) at start and stop of a session
    • Calculated ERE credits per session

    Charger & meter data

    • Brand and model of your charger
    • Charger serial number
    • MID meter serial number (legally required for ERE registration)
    • Connection type (e.g. Tesla, Easee, OCPP)
    • OCPP Charge Point ID (if applicable)

    ERE registration data

    • EAN code of the charging point • the unique connection number used by the NEa to identify your charging location
    • ERE mandate acceptance (consent for registration with the NEa)
    • MID proof photo (optional, for verification of the built-in meter)

    Technical data

    • IP address and browser data when visiting the website
    • Login attempts and session data
    • Integration tokens for charger connections (stored encrypted)

    We do not process special categories of personal data, such as data about health, religion or ethnicity.

    6. What do we use your data for?

    We only process your personal data when the GDPR provides a legal basis for it. Per purpose:

    • Performance of the contract (art. 6(1)(b) GDPR): your account, the connection with your charging station, the registration of EREs with the NEa and paying out your earnings
    • Legal obligation (art. 6(1)(c) GDPR): our administration and retention duties towards, among others, the Dutch tax authority and the NEa
    • Legitimate interest (art. 6(1)(f) GDPR): securing our platform, preventing misuse and improving our services
    • Consent (art. 6(1)(a) GDPR): newsletters and analytics and marketing cookies. Withdrawing consent is always as easy as giving it

    7. How long do we keep your data?

    We keep your personal data as long as legally required and as long as necessary for the purpose for which it is used. As long as you are a customer, we keep your data in accordance with the legal retention period of seven years. Data about submitted ERE registrations is kept for as long as the NEa requires; we cannot delete it earlier.

    After that, we only keep your data for statistical purposes and to handle any complaints or legal matters. Contact us for more information on specific retention periods.

    8. With whom do we share your data?

    We only share your personal data when necessary for our services or when legally required. Specifically:

    • IT providers that run our platform: hosting and security (Cloudflare), database and login (Supabase) and email delivery (Resend)
    • The Dutch Emissions Authority (NEa), for the registration of your EREs
    • The partner through whom you signed up (for example an installer or energy company): they can see that you became a customer and the data needed to settle the partner fee
    • Competent authorities, when we are legally obliged to do so

    We sign data processing agreements (art. 28 GDPR) with providers that process data on our behalf. We never sell your data to third parties.

    9. Where do we store your data?

    We store your data within the European Economic Area (EEA). Some providers process data (partly) outside the EEA, for example when sending email or • after your consent • for analytics and marketing cookies from US companies such as Google and Meta.

    In those cases we ensure appropriate safeguards under Chapter V of the GDPR, such as the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses.

    10. How secure is your data?

    We take the security of your data seriously. A few concrete measures:

    • All connections to our platform are encrypted (https)
    • Sensitive data such as your IBAN and integration keys is stored encrypted in a separate digital vault
    • Access to data is strictly separated per account at database level
    • Meter photos are kept in restricted storage and can only be opened via secure links that expire
    • We log and monitor our platform to detect misuse early

    Only authorised personnel have access to your data. When we work with external parties, they are contractually obliged to treat your data with the same care. Suspect misuse? Report it to us immediately via info@joulo.nl.

    11. Your rights

    Right to information

    You have the right to clearly understand what we do with your data and what control you have. This privacy policy provides that explanation.

    Right of access

    You can request access to the data we hold about you at any time.

    Right to rectification

    You can request correction of incorrect or incomplete data.

    Right to object

    You can object to the processing of your data, particularly for direct marketing purposes.

    Right to data portability

    You can request that your digital data be transferred to another organisation.

    Right to restriction

    You can request that we limit the use of your data in certain cases.

    Right to erasure

    You can request deletion of all personal data linked to you. Data about submitted ERE registrations must be retained by law for the NEa; we cannot erase it earlier.

    Right to file a complaint

    You can file a complaint with the Dutch Data Protection Authority. We appreciate it if you contact us first, so we can resolve it together.

    Submit a request or complaint

    Send your request or complaint to: privacy@joulo.nl

    We aim to respond within 30 days.

    12. Which laws apply?

    This privacy policy complies with:

    • The General Data Protection Regulation (GDPR)
    • Applicable Dutch privacy legislation

    13. What cookies do we use?

    We use three types of cookies. Only the necessary ones are always placed; the rest only after you have given consent via the cookie banner.

    Necessary cookies (always active)

    • Login and sessions
    • Remembering your cookie choice

    Analytics cookies (after consent)

    • Google Analytics • to see how the website is used. Off by default via Google Consent Mode.

    Marketing cookies (after consent)

    • Google Ads, Meta (Facebook), LinkedIn and Reddit • to measure the effect of our ads.

    You can change your choice at any time via "Cookie settings" at the bottom of every page.

    14. Changes

    We may update this privacy policy, for example when our services or legislation change. The current version is always available on this page, with the date of the last update at the top.

    15. Questions about this privacy policy?

    Can't find your question or want to know more? We'd love to hear from you:

    We're happy to help.

    Questions about this privacy policy?

    Have questions or want to know which data we hold about you? Feel free to contact us at privacy@joulo.nl. We aim to respond within 30 days.