Privacy Policy

1. General:
   • We, Scala Smart Energy Ltd., Co. no. 514763465 (“Scala”, the “Company”, “we”, “ours” or “us”) thank you for choosing to use the Company’s services, which include:

• The website www.scala-energy.co.il and any other website or subdomain that we operate (hereinafter: the “Website”); and (2) Scala’s mobile phone application software (hereinafter: the “Application”). (The “Website” and the “Application” shall be referred to together hereinafter as the “Services”).
  • This Privacy Policy was created out of a commitment to protect your personal data and information, its purpose is to help you understand what information we collect, why we collect it, what uses are made of it, whether it is transferred/shared with others and why. As well as to help you understand how

to exercise your rights under the privacy protection laws applicable to us and in particular under the Privacy Protection Law, 5741- 1981. Rights such as updating information, managing information and deleting it. Furthermore, in this policy you will find the information security and privacy practices we use to maintain the privacy and security of information.

2. Definitions:
   • “Personal Information” means any information relating to an identified or identifiable individual, including through a combination of several details, inter alia: name, identity number, address, telephone number, geographical location, medical information, financial information, biometric information, information relating to personal characteristics, IP address, device identifiers and signals, etc.
   • “Information of Special Sensitivity” means any of the following – personal information about the privacy of a person’s family life, personal privacy and sexual orientation; personal information relating to a person’s health, including medical information; genetic information; a biometric identifier used or intended to be used to identify a person or to verify their identity in a computerized manner; personal information about a person’s origin; a person’s criminal history; a person’s political opinions or religious beliefs or worldview; a personality assessment conducted by a professional; location data and traffic data; data on a person’s salary and financial activity; Personal information subject to a confidentiality obligation determined by law (hereinafter: “Information of Special Sensitivity”).
   • “Non-Personal Information” is information that is not related to a specific person or that cannot be used to identify a specific person.
   • The restrictions and obligationsset forth in this policy regarding the manner of collection, use, disclosure, transfer, storage and retention of personal information do not apply to non-personal information.
3. Collection of Personal Information:
   • In the framework of your use of the application, the website, and/or any other technology on behalf of the Company, whether in the context of consuming the Company’s services or visiting them; and/or in the context of providing the services to you and/or in the context of operating the service; and/or your interest in the Company’s services and/or when contacting the Company for support, inquiries or service requests; and/or when visiting the Company’s branches or using frontal services, you may be required to provide personal information about yourself and/or personal information may be collected automatically by using the aforementioned technologies subject to your consent to where required and/or in accordance with regulatory requirements and other laws applicable to the Company.
   • Personal information that will be provided and/or collected automatically may be:
     • Identification and Contact Information: When you use the Services and/or when you register for them, you will be required to provide personal information such as your full name, email address, phone number, password, and sometimes also a username or customer ID.
     • Email address for identity verification and secure access: During registration for the Service, we may perform an identity verification process to secure the Service and prevent unauthorized use. In this context, we may use the email address you provided to send a verification code or link.
     • Information provided in inquiries to the Company: When you contact the Company, including through the “Contact Us” form on the website, in the Application or by email, the Company may collect personal information such as your full name, email address, phone number, the subject of the inquiry and the content of the inquiry.
     • Technical information about the vehicle: You may be required to provide technical information about the vehicle(s) you use, including the vehicle manufacturer and model, year of manufacture, license number, chassis number (VIN), VID number or MAC address or communication component.
     • Geographical Location data: When you use the application, we may collect and process the geographical location data of your device for the purpose of providing the services, analyzing activity, improving the user experience and ensuring the proper operation of the service. The locations of charging  activitiesyou have performed (such as the location of the charging station or service point) may be retained in our systems for the purpose of documenting the activities, issuing invoices, providing support and other operational uses. You can adjust the location sharing settings on your device,  howevercertain features of the service may not function without access to location data. Additional location data, if collected, is not retained on a continuous basis and is not associated with your identity, unless required for the purpose of providing the service or by law.
     • Information on payment methods and transactions:
       • For the purpose of billing, transaction verification and payment processing, we use external payment providers. Credit card details (including credit card number, verification code (CCV), pin code ) are not stored by us but are provided directly to the providers handling payment processing. We only store an encrypted token generated by the payment provider, without storing the credit details themselves. The token is stored and processed in accordance with applicable law and accepted security standards.
       • Private customers: Payments made by private customers are processed through Ampeco, an external payment system, while the processing and settlement of payments are performed by external clearing providers who act as independent parties for billing and transaction verification purposes, such as PayMe.

For more information, please refer to the privacy policies of the relevant providers: PayMe Privacy Policy; https://payme.io/privacy ; Ampeco Privacy Policy; http://ampeco.com/privacy-policy ; Customer billing and invoicing is performed using a dedicated billing system, BillRun.

• Business Customers: Customer billing and invoicing for business customers are performed using the BillRun system which uses CreditGuard services for payment processing. For more information about how data is processed by these systems, please refer to their privacy policies: CreditGuard Policy; https://comm.bill.run/privacy; https://www.creditguard.org/privacy/;
• The Company may share with these providers data required for payment processing, fraud prevention and technical support, subject to appropriate confidentiality and data security obligations.

• Data on the use of the services:
  • During your use of the services, information is collected regarding your use of them, including dates of use, charging quantities, location of charging stations, payment details, frequency and duration of use, performance data and any other information required for operation, control, billing, service improvement or technical support.
  • In addition, when using the services, certain technical information may be collected automatically using cookies and analytics tools, such as:
  • Technical information transmitted from the device and statistical information, including your IP address, browser type, operating system, end device model and more.
  • Information related to the scope and form of use of the services, including date and time of use, duration of use, frequency of use, usage history, wireless connections, web pages viewed, interactions you have made on the site, etc.
  • The website/application uses (“Cookies”) and similar technologies for the purpose of proper and ongoing operation, information security, analysis of usage patterns, improvement of the user experience, as well as for the purposes of personalized advertising and marketing. Some cookies are essential for the proper operation of the website/application, and blocking them may impair the user experience and/or prevent the use of certain services. The user may, at any time, change his browser settings and block the use of cookies or delete them.
  • The types of Cookies used include: Operational Cookies – which are required for the proper operation of the website and services; Analytic/Statistical Cookies – allow for analysis of website usage; Advertising and Marketing Cookies – personally customized to user preferences; Third-party Cookies – including Meta / Google external advertising systems or analytics tools.
  • In any inquiry regarding the use of Cookies and/or if you have reasonable grounds to assume that any of the provisions from the above-mentioned provisions has not been met, we would appreciate it if you would inform the Company immediately at the email address: [email protected]

 

4. Purposes of collecting information:
   • The Company uses the personal information collected, in whole or in part, for the purposes set forth hereafter:
     • Provision and operation of the services:
       • For the purpose of providing, managing, operating, maintaining and improving the services provided through the application, the website or any other system of the Company;
       • For the purpose of verifying the identity of users, identifying authorized access to certain areas or services, and preventing unauthorized use;
       • For sending notifications and updates regarding the Services, including technological changes, system updates, scheduled maintenance or improvements to the Service.
     • Improving the Service and User Experience:
       • For the purpose of analyzing usage trends, improving processes, user experience and performance of the Services;
       • For processing statistical and anonymous data for internal analysis, generating business insights and improving the Company’s services in the future.
     • Marketing, advertising and mailing:
       • For the purpose of advertising and targeted marketing, subject to the “Direct Electronic Mailing” section of this Policy, including the display of content on the website and on external platforms (such as Google Ads and Meta).
       • To send offers, benefits, marketing messages, operational messages, updates, newsletters and additional information via email, SMS or any other means of communication in accordance with the provisions of the law;
     • Information security and compliance with the law:
       • For the purpose of maintaining the integrity and safety of the services, protect against attempted intrusion or misuse, detect and investigate technical malfunctions or security incidents;
       • For the purpose of complying with the provisions of the law, judicial orders, regulatory requirements or instructions of competent authorities;
       • For the purpose of protecting the rights of the company, its employees, its customers or other third parties, in the event of a dispute or legal proceeding.
     • Customer service and support:
       • For the purpose of providing customer service, handling inquiries and technical malfunctions, including following up on requests in order to improve the availability and quality of the service.
       • Employees of the service, support, maintenance or development teams may be granted access to personal information required to perform their duties, subject to the Company’s confidentiality and security policies, which prohibit the use of information for any other purpose.
     • Merger, sale or bankruptcy: In the event that we are acquired and/or merged with a third party and/or in the event of bankruptcy and/or a similar event, we reserve the right to transfer or assign personal information in the cases mentioned above.

5. The manner in which we use personal information:
   • We may use the personal information you provide to us and/or the information collected by us in the following ways:
     • Transfer of information, sharing and disclosure:
       • The Company may share personal information with third parties that process personal information on its behalf for the purposes of its activities (such as external suppliers, cloud storage services, marketing services, management systems, e-mail providers, etc.) (hereinafter: “Third Party Service Providers”). This may include transferring Personal Information to third parties acting on its behalf, and located outside of Israel; We may also share personal information with manufacturers or distributors of hardware located at our charging points, as required for the purpose of investigating hardware failures/ malfunctions  and resolving technical issues. In addition, information may also be transferred in the future to subsidiaries or affiliated companies, if any, in the future for the purpose of providing services to the Company.
       • The information that will be transferred includes personal information and will be information that is relevant for the purpose of carrying out the purposes specified above only. The transfer of such information will be carried out in accordance with the provisions of the applicable law, including the Privacy Protection Law, 5741-1981, the Patient Rights Law, 5756-1996, and under adequate protection mechanisms.
       • The Company will not transfer your personal information and the information collected about your activity on the website to third parties, except in the cases set forth hereafter: If your active and explicit consent has been provided, if such transfer is necessary for the provision of services by third parties; in the event of a legal dispute between you and the Company that requires the disclosure of your information; a judicial order requiring the provision of your information or information about you to a third party; for the purpose of law enforcement or in the event of illegal activity; in the case of a transfer of operations or corporate reorganization, provided that the acquiring party undertakes to act in accordance with this Privacy Policy.
       • Third-party advertisements: The Company may allow external advertising companies to display advertisements and services on the website/application. These companies may place cookies or other tracking technologies for the purpose of managing advertisements. The use that these companies will make of the information is subject to their privacy policies only.
       • Cloud services: The Company may share personal information with ‘cloud’ service providers. For example, but not limited to, in the event that the cloud service provider needs access to personal information for the purpose of information security or the security of the Company’s website. In such cases, the cloud service provider is required to comply with the Company’s privacy and information security policy, and is not permitted to make any use of the information transferred to it, except for the purpose for which it was transferred.
     • The manner in which the information is stored and transferred:
       • For the purpose of operating the website/application and providing the services, the Company uses external cloud service providers (such as: storage servers, e-mail providers, etc.). These service providers may store and process personal information on behalf of the Company, subject to the obligation to comply with the provisions of the law and accepted standards of information security.
       • In order to provide the services and manage its business, the Company may process information through third parties. The Company transfers the minimum data required for these purposes and only to suppliers approved and examined by it.
       • After the need and/or purpose of collecting the information has ended, the Company will ensure that it is deleted or transformed into non-identifying (anonymous) information, unless it is obligated to retain it by law.

6. Electronic Direct Mailing:
   • During your use of the Service, we may send you from time to time messages of an operational or service nature, relating to the proper management of the services provided to you (including technical updates, confirmations of operations, notifications of malfunctions, changes in account information, security updates, etc.). These messages are sent as part of the service provided to you, and for the purpose of implementing the agreement between us.
   • The sending of such advertising and marketing materials will only be done after your express consent to receive them has been given in advance, in accordance with the provisions of the law.
   • At any time you may withdraw your consent and/or request to stop receiving direct mailings, by clicking on the removal link that appears in each e-mail message sent to you, or by sending a request to the email address: [email protected]
   • The Company will act to remove you from the mailing list within a reasonable period of time from the date of receipt of your request.
   • It is clarified that the Company does not provide your personal information to third parties for the purpose of direct mailings. However, the Company may provide aggregate statistical information that does not personally identify you, for the purpose of analysis, improvement and marketing its services.
7. Non-Personal Information:
   • Since non-personal information cannot be used to identify a specific person, the Company has the right to use it in any way that is not prohibited by law.
8. Information security:
   • Scala is committed to protecting personal information and data, and for this purpose uses appropriate and commercially acceptable technological measures to ensure Information security and to protect against loss, misuse or alteration. However, these measures do not provide absolute security since no server, network, database, Internet connection or email system is completely immune to security failures or breaches. Therefore, you should carefully consider what details you choose to share and with whom you share them.
   • The company implements a combination of legal, organizational and technological measures to reduce the risk ofdata leakage / data loss, theft or unauthorized use of personal information. These measures include, among others, internal authorization controls, physical security measures, and limiting access to personal information only to employees and authorized suppliers, subject to their obligation to maintain confidentiality.
   • Scala will not be liable for any damage whatsoever caused to the user or a third party as a result of the loss of personal information and/or unauthorized use of personal information due to an event beyond the control of the company and/or resulting from force majeure, and/or software or hardware or communication disruptions beyond its control.
9. Rights of the data subject:
   • According to the Privacy Protection Law, 5741 – 1981, every person is entitled to review the information about him held in a database. A person who has reviewed the information about him and found it to be incorrect/incomplete/unclear/not up-to-date may contact the company by email at [email protected] requesting to correct the information or delete it.
   • Also, if you wish to delete or correct some of your personal information, you can do so through the personal area in the application independently, including details such as payment methods, password and contact information.
   • A data subject who requests additional details regarding the collection of information under this policy, or if concerns arise regarding the use of information collected under this policy or regarding a violation of his right to privacy, can contact: [email protected]
   • In requests for review and correction as described above, and for the purpose of verifying your identity, we  may ask you to provide certain  identifying details.
   • Notwithstanding the aforesaid, we would like to inform you that in accordance with the provisions of the law, the Company is required to retain some of the information about you and may be required to retain it even if you have requested to delete it.
   • Requests to exercise rights will be processed within 30 days of their receipt, in accordance with the provisions of the law.
   • In addition, if the information in the Company’s databases is used for direct mailing (personal contact with you), you are entitled under the Privacy Protection Law, 5741 – 1981:
     • To demand in writing that the information relating to you be deleted from the database;
     • To limit the provision of information to third parties, whether specific or not, for a limited or fixed period of time.

10. Consequences of not consenting to the processing and use of information: You may choose whether to provide or disclose personal information. If you choose not to provide certain information, you may not be able to access and/or use certain features of the services.
11. Changes to the Privacy Policy:
    • The Company’s services may change from time to time and/or the privacy protection laws in Israel may change from time to time, therefore, as a result, this Privacy Policy will also be updated. The Company reserves the right to update, change or make adjustments to the Privacy Policy at its discretion at any time (hereinafter: “Updates”). Updates to the Privacy Policy will be published with a ‘Last Updated’ date at the top of this Policy. It is the Customer’s responsibility to review the contents of these updates. Please review the Privacy Policy from time to time, and in particular before providing any personal information. This Privacy Policy was last updated on the date indicated above and the continued use of the Services after the implementation of changes to the Policy indicates acceptance thereof. If you do not accept any change, you must cease using the Application and any receipt of services therein.

 

12. Miscellaneous:
    • This Privacy Policy does not apply to any personal information transferred by the Data Subject to third parties.
    • This Privacy Policy applies to the Application/Website and the services therein, it does not apply to third-party websites linked to the Application/Website or third parties whose services or products are distributed by the Company. Links and references found in the Application/Website of the Company’s do not indicate the Company’s support for these websites or services or that the Company has conducted any review of them. The Company recommends contacting the third party for clarification about the privacy policy in force in its organization.
    • If any provision appearing in this Privacy Policy is found to be illegal, void or unenforceable for any reason, then this provision will be deleted from the Privacy Policy and its deletion will not affect the legality and validity of the remaining sections. In this case, another similar provision existing and/or implied will be enforced in place of the canceled provision.

 

13. Contacting the Company regarding the Privacy Policy:
    • The Company’s contact details are:

Address: 20 HaTa’ash St., Beit HaPa’amon, Kfar Saba.

Telephone * 8299 | 09-7711151

Email: [email protected]

The Company undertakes to make reasonable efforts to respond to inquiries and complaints.

Last updated: December 2025