We collect, process and use personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be used if a legal permission or consent has been obtained. We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the provisions of data protection laws are observed and thus to protect the data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
What personal data we collect
We may use the Cloudbike platforms to collect the following personal data and at the specified times:
- Your first and second name when you first register with us to identify you,
- Email address when you first register with us, to identify you, verify your order, keep you updated of and provide important communication on the progress of your order and send you information you might be interested in,
- Payment information, when you first register with us and at any other point of your subscription to complete your order,
- Encrypted credit card data when you first register with us and at any other point of your subscription, to complete your order,
- Recorded calls when you contact our customer care team for internal training purposes and to solve user complaints.
In some circumstances, we may request additional personal data to help us to provide you with the most appropriate response. If you do not provide the personal data where requested, your access to the Service, or our ability to assist you, may be restricted.
Collection, processing and use of personal data
Personal data of the users is collected for some the following reasons:
- the rental of Cloudbike bicycles,
- registration of customers on the Cloudbike app,
- Cloudbike services and user achievements connected with it,
- bike usage data (e.g. location of the rental bike at the beginning and end of the rental period, parking processes and location of the bike, shall be collected insofar as it is necessary for the purpose of carrying out the contractual relationship with the customer and/or local government. This also includes the use of the data to detect and eliminate errors and malfunctions in the rental process and in the overall operation.)
- Rental transactions are collected and stored with start and destination times, This data can be viewed at any time in the customer account and shall be the subject of the invoice.
- User data is further passed on to our payment service providers in order to fulfil our contractual obligation/s with our customers
- When contacting Cloudbike, the information is stored in our customer service log for the purpose/s of processing the enquiry and in the event that follow-up questions arise.
- Personal data will be deleted if it is no longer necessary or if there is no legal obligation to store it.
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, are collected (so-called server log files): – Browser type and version – Operating system used – Website from which you visit us (referrer URL) – Website you are visiting – Date and time of your access – Your Internet Protocol (IP) address. These anonymous data are stored separately from any personal data you may have provided and thus do not allow any conclusions to be drawn about a particular person. They are evaluated for statistical purposes in order to optimize our website and our offers.
We offer you the possibility to register via the Cloudbike app. The data entered in the course of this registration is collected and stored exclusively for the use of our offer.
Transmission of data to payment service providers
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned to process payments. There will be no further transmission of your data, e.g. for advertising purposes. For processing our payments we use the payment provider Stripe for recurring credit card payments.
Rights of the data subject
If personal data is processed of you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible: If such processing has taken place, you can request the following information from the person responsible:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
Right to rectification
You have a right of rectification and/or completion if the personal data processed concerning you are incorrect or incomplete. If you advise us that your personal data is no longer accurate, we will amend or update it (where practical and lawful to do so). You can tell us about any inaccurate data by contacting our customer support team firstname.lastname@example.org.
Right to restriction of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to erasure
You can ask us to delete or restrict your personal data in some circumstances such as where we no longer need it or you withdraw your consent (if consent is applicable). We might be required to store some or all of your data to fulfill our legal reasons. If we’ve shared it with others, where possible, we’ll let them know about the erasure. If you wish to exercise this right, please contact the customer support team info@cloudbike.
Opt-Out of Marketing and Promotions
You have the right to opt out of receiving direct Marketing and Promotions communications by:
- clicking on the relevant ‘unsubscribe’ link in the email;
- contacting us at email@example.com
If you withdraw, where it has been provided, your consent to receive any further Marketing and Promotions communications from us, we will not contact you further for the purpose of direct marketing. This will not prevent you from using any of our Cloudbike platforms.
Third Party websites
These websites are not covered by this policy unless otherwise specified in this Policy.
Security of personal data
Your personal data (and commercial information) will be kept as confidential and as secure as possible. We employ appropriate technical and organisational measures consistent with our legal obligations and standard industry practice. Further, as required by the European General Data Protection Regulation 2016 we follow strict security procedures in the storage and disclosure of personal data which you have given to us, to prevent unauthorised access as far as reasonably possible.
Cloudbike uses Dropbox to store data. Dropbox is designed with multiple layers of protection, distributed across a scalable, secure infrastructure. These layers of protection include:
- Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES)
- Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and our servers
- SSL/TSL creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption
- Dropbox applications and infrastructure are regularly tested for security vulnerabilitiesand hardened to enhance security and protect against attacks
- Two-step verificationis available for an extra layer of security at login
- If you use two-step verification, you can choose to receive security codes by text message or from an authenticator app
- Public files are only viewable by people who have a link to the file(s)
Other than to third party Data Processors governed by a data processing policy which replicates the terms of this policy, and as provided for in this policy, where it is necessary to involve a third party service provider for the performance of our contractual obligations or by operation of law, we will not transfer identifiable, non-aggregated personal data to third parties. We may receive and send information about you, including your personal data, if you use any of our
Platforms to our partners or sub-contractors (Data Processors) in technical, payment, identity verification and delivery services, analytics providers or credit reference agencies;
We only share your personal data with third parties in the following cases:
- Where it is necessary to involve a third party service provider, for the performance of our
contract with you in order to provide the Service (e.g. a payment processor when we charge you fees in relation to the Service);
- On the grounds of our legitimate business interests, namely:
o As part of the booking process, we may use multiple IT applications to provide the Service to you.
o With a service provider engaged in maintenance of our platforms;
o We use analytics and search engine providers to assist us in the improvement and optimisation of our Platforms.
- We may also disclose your information if required to do so by law or in a good faith belief that
such access, preservation or disclosure is reasonably necessary to (i) respond to claims
asserted against us (ii) to comply with legal proceedings, (iii) to enforce any policy with
emergency involving the danger of public health, death or physical injury to a person (v) in the
framework of investigation or (vi) to protect the rights, property or personal safety of
Cloudbike employees and representatives.
If you require further information on our Third Party processors you can contact us at firstname.lastname@example.org.
Transfers outside the European Union
Non-European countries may have data protection laws that are less protective than the legislation where you live. Where this is the case (such as the United States), our transfers of data will be regulated by standard contractual clauses relating to the transfer of personal data outside of the European Union (or outside of jurisdictions deemed “adequate” for data privacy by the European Union). We will not transfer your data outside of the European Union for any other reason than described in this policy, unless we are required to do so by operation of law.
Sale or Merger
If Cloudbike or its assets are sold to or merge with another entity you should expect that some or all of the personal data collected by us may be transferred to the buyer/surviving company. If so, we will seek to obligate the acquiring company to use any personal data transferred in a manner consistent with applicable legislation and this policy, but cannot guarantee that it will be able to impose that requirement or that the acquiring company will comply.
Retention of personal data
If you have provided us with personal data, your personal data will be retained for the duration of your subscription with our Cloudbike, the length of time required by applicable legislation, or otherwise a reasonable period of time (and we or our third party data processors will amend or delete your personal data when no longer required).
Should you wish to make any comments, complaints, enquiries or if you have any questions relating to this Policy, your rights, the Platform, our Marketing and Promotion materials or Services we provide, you may contact the Cloudbike support team by emailing or writing to:
De Moystraat 16
Changes to this Policy
This policy is subject to periodic review to ensure it is in line with applicable legislation. We retain all applicable ownership rights to information we collect. We reserve the right to change, modify, add or remove provisions of this policy. Any changes to this policy will be posted here, and we encourage you to check back from time to time.