Pursuant to article 13 EU Regulation 2016/679
The protection of your privacy is one of our top priorities. We are committed to taking the most appropriate organizational and security measures in compliance with the EU Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”) and any other applicable regulation to protect the personal data you choose to entrust to us. We collect information about you (as a “User”) when you download our RideMovi App, register a new RideMovi account, use our bike-renting services (“Services”) and through other interactions and communications you may have with us. For more information about our Services click here: https://www.ridemovi.com/it/en/terms
2. The Data Controller. Who is responsible for the processing of your data?
3. Data Protection Officer contact details
For any question concerning your personal data you may contact also our DPO at firstname.lastname@example.org.
4. What data we collect and process
4.1. Data you provide directly to us
We collect information you provide directly to us, such as when you create or modify your account, request our Services, contact customer support, or otherwise communicate with us. This information includes: your name, email, phone number, postal address, payment method, services requested, and other information you choose to provide.
4.2. Information we collect through your use of our services
When you use our Services, we collect the following information about you:
- Location Information: When you use our bicycle-rental Services, we collect location data about your trip. To start and terminate the individual lease, we need to record the starting and final position of our bike, the distance travelled, and the time and date of lease.
- If you allow the RideMovi App to access your location through the permission system used by your mobile operating system such as iOS or Android (“Platform”), we may also collect the precise location of your device when the app is running in the foreground (app open and on-screen) or background (app open but not on screen). If you initially allow the collection of this information, you can later disable it at any time by changing the location settings on your mobile device. However, this will limit your ability to use certain features of our Services.
- Transaction Information: We collect transaction details related to your use of our Services, including the service requested, credit card details, date and time the service was provided, amount charged, and other related transaction details.
- When and how we use the Push Notification feature.
We use push notifications to communicate with you:
- When you park in not allowed areas.
- To remind you to lock the bike.
- To notify you of a fine as regulated by our Terms and Conditions.
- Device Information: We collect information about your mobile device, including, for example, the hardware model, operating system and version, preferred language, unique device identifier, serial number.
- Call and SMS Data: To facilitate our Services, we may communicate with you via call or SMS message through which we will collect the call data, including the date and time of the call or SMS message, your phone number, and the content of the SMS message. In particular, we may contact you by telephone (i) when we receive a report that the vehicle has been parked outside of permitted areas (e.g. in private areas) if it appears from our systems that you were the last user of the vehicle, (ii) to handle any complaints about charges for breach of our T&C.
- Log Information: When you interact with our Services, we collect server logs, which may include information such as device IP address, access dates and times, app features or pages viewed, app crashes and other system activity, type of browser,
Most mobile Platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent. The iOS platform will alert you the first time the RideMovi App requests permission to access certain types of data, for example, location, contacts, photo and camera and will let you consent (or not consent) to that request. Android devices will notify you of the permissions that the RideMovi App seeks before you first use the App, and your use of the App constitutes your consent. Please note that if you do not consent to the request you may not be able to access certain features of our Services.
4.3. Information we collect from other sources
We may also receive information from other sources and combine that with information we collect through our Services. For example:
- If you choose to link, create, or log in to your RideMovi account through a third party such as a social media (e.g. Facebook) or a payment provider (e.g., Apple Pay) or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you or your connections from that site or app.
5. Why we process your personal data and on what legal basis.
5.1. When processing of your personal data is necessary for the performance of a contract entered into with you or in order to take steps at your request prior to entering into a contract (article 6 (1) b. GDPR).
We use the information you provide to us (as described in section 4 of this policy) to carry out our bike rental Services in fulfilment of our contractual obligation with you as a User of the RideMovi App. Processing your personal data is necessary to provide you with our Services and allow us to provide you with the related customer support.
5.2. When the processing is necessary for the purposes of the legitimate interests pursued by us (article 6 (1) f. GDPR).
This includes the following purposes:
- We process your personal data collected during the usage of our RideMovi App in order to identify and resolve possible errors and malfunctions which may occur in providing our Services.
- We process your data collected through your use of our Services for internal purposes, including, for example, to prevent fraud and abuses; to solve software bugs and operational problems; to conduct data analysis and research.
- We may also process your data if you committed an administrative offense during an individual lease or you are in breach of our contractual terms and conditions in order to defend our rights in court.
- We process the position data of our bikes in order to develop a statistical model which is able to predict possible future demand and to monitor and analyse usage and activity trends. For such purposes only data without a direct link to a natural person is processed.
- We may use your personal data for the purpose of providing direct marketing advertising via email, SMS, MMS. You may object to direct marketing by clicking on a link at the end of an electronic mail or by sending an e-mail to email@example.com
- We process your driving and parking behavior in order to impose fines in accordance with our Terms and Conditions.
5.3. When you have given your consent for one or more specific purposes (article 6 (1) a. GDPR)
This legal basis includes the following purposes:
- To provide you (by e-mail, SMS, messenger, push messages and banner on the App) with information, commercial offerings and personalized advertisements (such as special offers, studies and market research, sending of advertising material) about our Services or on products and services of third companies. Your data will not be transmitted to third party companies, nor in any form shared, for marketing purposes of the latter.
6. Data processor and data recipients
We may share your information:
- With our subsidiaries and affiliated entities that provide services or conduct data processing on our behalf.
- With vendors, marketing partners, consultants, and other service providers who need access to such information to carry out work on our behalf; we use external IT service providers who provide server infrastructure, IT maintenance or extensive IT solutions (such as cloud services) and software solutions on our behalf.
- Courts, external advisors, Public Authorities or other authorized third parties in response to a request for information by a competent authority if we believe disclosure is in accordance with any applicable law and regulation.
- Tax administrations, for the compliance of tax obligations.
- Public Authorities, in order to identify the users of the vehicles in accordance with traffic applicable law and regulation.
- With law enforcement officials, government authorities, or other third parties such as an insurer if we believe your actions are inconsistent with our Terms and Conditions: https://www.ridemovi.com/it/en/terms or to protect the rights, property, or safety of us or others, or if there is a complaint, dispute or conflict, which may include an accident, involving you and a third party and such information is necessary to resolve this.
- In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
- With other users, as requested or directed by you, when you wish to share your profile and trip information to engage in social activities or to obtain a promotion code.
- With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us.
- With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate.
Personal data will be processed only by persons/entities previously appointed by Ridemovi or by its data processors as persons in charge of the data processing, or as data controllers, as applicable for the purposes specified above.
Your personal data may be shared only with third parties that process personal data on our behalf and on the basis of our instructions. Any data processor we appoint will be subject to contractual obligations aimed at protecting your personal data.
7. Social Sharing Features
The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them. We do not accept any responsibility or liability for these policies.
8. Retention of Personal Data
We shall retain your personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
When we no longer need to use your personal data with the purpose of providing our Services to you, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.
A longer period of retention of the same data may apply when we need to comply with legal or regulatory obligations to which we are subject (e.g. retention periods which can result from applicable commercial and/or tax).
9. Do we transfer personal data outside the European Economic Area?
In some cases, your data may be transferred to recipients and data processors (e.g. technical service providers) located in countries outside the EEA which are considered as not providing an adequate level of data protection. In such case, in compliance with the applicable data protection law, we ensure an adequate level of data protection by entering into agreements including the EU standard contractual clauses issued by the European Commission which guarantees the appropriate safeguards as defined by article 46 GDPR.
10. How we ensure the security of your data
We have implemented appropriate physical, technical and organizational measures to safeguard and secure the personal data we collect to ensure a level of security appropriate to the risk, in compliance with the GDPR.
Unfortunately, although we strive to implement state of the art technical and organizational measures to ensure a high level of protection of the data we process, the transmission of information via the internet is not completely secure. This means that we cannot guarantee the absolute security of your data transmitted to us; any transmission is at your own risk.
11. Your Rights
According to the GDPR you have the following rights:
- Right of Access. You have the right to obtain from us confirmation from us as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The right of access includes the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You have the right to obtain a copy of the personal data undergoing processing.
- You have the right to have incorrect personal data rectified. This means that you have the right to obtain from us the rectification of inaccurate personal data concerning you. You can directly rectify your data modifying your profile data on the RideMovi App.
- You may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
- You may have the right to request a restriction of the processing of your personal data. This means that, in this case, the respective data will be marked and may only be processed by us for certain purposes (e.g. with your consent or to raise legal claims).
- You may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
- You also have the right to lodge a complaint with the data protection supervisory authority. In Italy the supervisory authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali) based in Piazza Venezia, 11, Rome (00187), gpdp.it, telephone06-696771, e-mail: firstname.lastname@example.org
- If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. In this case your personal data will no longer be processed for such purposes by us.
- If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
To exercise the above rights, you may send us an e-mail to email@example.com, or write us at Via Carducci 31, 20123 Milan.
Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, if you have a standing credit or debt on your account, or if we believe you have committed fraud or violated our Terms, we may seek to resolve the issue before deleting your information.
12. Changes to the Policy
We may change this Policy from time to time. If we make significant changes in the way we process your personal information, or to this Policy, we will notify through the Services or by some other means, such as email. Your continued use of the Services after such notice constitutes your consent to the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices. If you do not agree with any revised version of this Policy, please do not continue to use the Services.
13. Contact Us
If you have any questions about this Policy, please contact us at firstname.lastname@example.org or write us at Via Carducci 31, 20123 Milan.