Ride On Dundee
- Identity and contact details of the Data Controller
- Purposes, Lawful bases for the processing of User personal data and retention periods
- Security Measures
- Personal data recipients
In accordance with Regulation (EU) 2016/679 (hereinafter, “GDPR”) and the UK Data Protection Act 2018 (henceforth, “DPA2018”), the User is hereby informed that the Data Controller responsible for the processing of his/her personal data is Ride On Ride On Scotland LTD, a company domiciled at 15 Atholl Crescent, Edinburgh, Midlothian, United Kingdom, EH3 8HA, and duly registered under VAT Number: SC610664. In the event that the User has any questions regarding the processing of his/her personal data, he/she may contact RideOn at the following email address: firstname.lastname@example.org.
Users are hereby informed that RideOn may process their personal data for the following purposes:
|Purpose||Lawful basis||Retention period|
|User registration on the Website. This purpose allows RideOn to carry out all relevant activities that are necessary to complete the registration procedure in the Website, including authorising RideOn to send electronic communications to the User in order to validate his/her registration.||Consent[Article 6(1)(a) GDPR] Consent shall be deemed to have been granted by the User when he/she ticks the consent box provided in the registration form, accepting RideOn Terms & Conditions, Rental Agreement and this Policy.||RideOn may process User personal data for the duration of his/her condition as registered User of the Website and/or until he/she requests cancellation or erasure of his/her Personal Data. Subsequently, RideOn may retain User personal data duly blocked for a period of 5 years.|
|Management of the services offered by RideOn. This purpose allows RideOn to process User personal data to manage any matters related to the services offered by RideOn, including but not limited to: managing subscriptions and transactions within the Website, e-bike rentals, tracking of trip routes through location devices that are installed in the bicycles with the sole purpose of accrediting invoices by displaying the precise route used during his/her use of the services. In addition, RideOn may provide Users with an accurate map location of the Bicycles if the User consents to such use of his/her mobile device location data etc. Lastly, this purpose also allows RideOn to conduct statistical studies with User information to improve its service and/or design new functionalities for the Website.||Processing is necessary for the performance of a contract to which the User is party [Article 6(1)(b) GDPR] The processing of your personal data for the purposes contained in the first paragraph of the left column (including tracking of routes to accredit invoices) is necessary to comply with the provisions envisaged in the terms and conditions of use and Rental Agreement that the User previously accepted during his/her registration process. Users are hereby informed that all RideOn vehicles have location sensors in order to ensure an adequate calculation of the route that will help us calculate the aggregate price for the consumed services. Users hereby acknowledge that the bicycle location system is necessary for the contractual relationship between the User and RideOn. In addition, and with the purpose of providing the User with a more accurate representation of his/her location within the map of the city in which RideOn’s bicycles are available as well as the exact location of such bicycles, RideOn’s mobility services require the processing of User device location data. In this respect, and prior to the use of said location data, RideOn will ask Users for permission/consent to use their device location data. Said consent may be requested through a banner displayed in the mobile device requesting for the activation of location services. Rejecting such permission will not affect the services. Nevertheless, Users are hereby informed that rejection of said consent will impede RideOn to accurately display user proximity with respect to the location of its vehicles.||RideOn may process User personal data for this purpose for the duration of his/her condition as a registered User of the Website and/or until the User requests cancellation or erasure of his/her Personal Data. Subsequently, RideOn may retain User personal data duly blocked for a period of 5 years. In relation to the use by RideOn of User device location data to offer map location services, RideOn may process such data indefinitely unless the User revokes his/her consent through his/her specific mobile settings (by deactivating the use of device location device through the mobile settings). With regards to the use of User personal data to conduct statistical analysis, all personal data will be duly anonymized, making it impossible to identify Users and ensuring that the anonymization process is not reversible. After anonymizing the data, RideOn may process the statistical and irreversible information indefinitely.|
|Sending of commercial communications (discounts, promotions and special offers) regarding RideOn products and services that may be of interest to the User and that are linked with the provided bicycle services This purpose allows RideOn to send electronic commercial communications regarding those RideOn products and services that are similar to the contracted User services, including but not limited to special offers and discounts to be applied to the bicycle services.||Legitimate Interest in processing the personal data for direct marketing purposes [Article 6(1)(f) GDPR and Section 22(3) of the Privacy and Electronic Communications (EC Directive) Regulations 2003] In particular, RideOn may send electronic commercial communications to Users regarding RideOn’s own products and/or services provided such products and/or services are similar to the contracted products/services and in any case, provided Users have a current, binding contractual relationship with RideOn through User acceptance of the RideOn Terms & Conditions and Rental Agreement.||RideOn may process the personal data indefinitely until the User unsubscribes/refuses (objects) to the processing of his/her personal data for such purpose. Users may unsubscribe/refuse to the processing of their personal data for the purpose described herein through the unsubscription procedure provided in every communication he/she receives.|
|Manage and resolve inquiries and other User requests concerning RideOn Services. This purpose allows RideOn to process User personal data to resolve any incident (regardless of its nature) that registered Users may have during their use of the RideOn services (notify defects in the bicycles, system failures, claim reimbursements, etc.)||Processing is necessary for the performance of a contract to which the User is party [Article 6(1)(b) GDPR] In particular, the processing of your personal data for these purposes is necessary to ensure RideOn complies with the provisions envisaged in the terms and conditions of use of the Service and Rental agreement that the User previously accepted during his/her registration process.||RideOn may process User personal data until settlement or resolution of the relevant incident and/or enquiry. Subsequently, RideOn may retain User personal data duly blocked for a period of 6 years.|
|Collection of user's image and documentation to identify the user. This processing allows RideOn to identify the user and prevent fraud and identity theft by collecting a photograph of the user and verifying the user's identity by comparing the photograph with the image printed on an official identification document.||Processing is necessary for the performance of a contract to which the User is party [Article 6(1)(b) GDPR] In particular, this process is necessary to avoid fraud situations such as identity theft.||Once the user's identity has been verified, the data will be duly blocked for a period of 1 year in order to fulfill the liabilities that may arise from this processing.|
In accordance with both GDPR and DPA2018, RideOn will process User personal data for the purposes set above. Once these purposes become unnecessary or have been terminated, RideOn will keep User personal data duly blocked for the retention periods that are also displayed above. The blocking of personal data implies that RideOn may only process User personal data collected for any of the above purposes to address any liabilities that may arise in connection to said purposes. RideOn guarantees to delete User personal data upon the statute of limitations of the above retention periods.
RideOn has adopted the levels of security for the protection of personal data legally required by the regulations in force and has installed adequate technical and organisational measures with the objective of guaranteeing the security of User personal data. As such, RideOn security measures have been designed to protect User personal data against its destruction, loss, misuse, alteration, unauthorised access and/or theft. RideOn has designed its security measures on the basis of criteria such as the scope, context, purposes of the processing, current state of the art and the existing risks of a particular processing activity.
The personal data may be transferred to the following third-party recipients:
- RideOn Subsidiaries and affiliates. To manage the use of RideOn’s mobility services in the different territories in which RideOn is present
- Banking entities, to validate transactions and payment for the use of RideOn’s services.
- To competent public administration entities and organs including local governments or city/town councils if RideOn is legally required to provide them with User personal data.
In addition, some entities subcontracted by RideOn may have access to User personal data and information as RideOn Data Processors. These entities will process User personal data on behalf of RideOn and in any case, in accordance with RideOn’s instructions and in strict compliance with GDPR and DPA2018.
In this regard, RideOn's data processor, Alice Biometrics S.L. with VAT B27872217 and registered office in Fonte das Abelleiras Street, Vigo, 36310 , Pontevedra, Spain, will carry out the process of user verification in order to avoid frauds and identity theft.
As mentioned above, in order for RideOn to provide a uniform service that enables Users to make continuous use of the services in every country in which RideOn operates, User personal data will be communicated to RideOn subsidiaries and affiliates, some of which may be located in third-countries outside the European Economic Area (EEA).
In this regard, and in accordance with Chapter 5 DPA 2018, RideOn will only communicate User personal data to those subsidiaries and affiliates that are capable of providing adequate safeguards or that are located in an adequate territory duly recognised by the European Commission.
Users may exercise any of the rights set out below before RideOn. In order to exercise such rights, Users must send a request, together with a copy of your ID card, Passport or equivalent document, to the following e-mail address: email@example.com
If the request does not meet the necessary requirements, Users are hereby informed that RideOn may request its amendment.
|Right of access||Consult what User personal data is being processed by RideOn|
|Right to rectification||Modify the personal data that is being processed by RideOn when said data is inaccurate.|
|Right to object||Request RideOn not to process Users’ personal data for certain specific purposes.|
|Right to erasure||Request RideOn to remove Users’ personal data.|
|Right to restriction of the processing||Request RideOn to limit the processing of Users’ personal data.|
|Right to data portability||Request RideOn to provide Users’ with their information in a computer readable format.|
Additionally, if Users consider that RideOn has not adequately dealt with their data subject rights request, they may lodge a complaint against RideOn before the competent Supervisory Authority.
Our Website and services are not intended for Users under 16 years of age. No one under 16 may provide any information to RideOn through the Website. We do not knowingly collect personal data from children under 16. If a potential User is under 16, he/she must not use or provide any personal data through our Website or through any of its features, or provide any information about himself/herself to RideOn, including your name, address, telephone number, email address, or any screen name or user name he/she may use.
In addition Users between 16-18 years old may register within RideOn and make use of our services in accordance with RideOn’s terms & Conditions provided they have obtained parental authorisation from their tutor or legal guardian. To this extent, Ride On understands that consent is given upon acceptance of the check-box intended for this purpose, which indicates that the minor has the consent of the legal representative.
If we learn that we have collected of received personal data from a potential User under 16, we will delete that information. If you believe we might have any information from or about a child under 16 or between 16-18 but with no parental consent, please contact us at firstname.lastname@example.org so we can further examine the case.
It is our policy to post any changes we make to this Policy. If we make material changes to how we process User personal data, RideOn will notify Users by email to the email address that has been specified by the User in his/her account. The date this Policy was last revised is identified at the top of the page. Users are responsible for ensuring that their email addresses are duly updated in order for RideOn to be able to communicate any amendment of this Policy.