Privacy policy

Your privacy is important to us.

PRIVACY POLICY OF SRM MEVO SYSTEM

The Privacy Policy of the MEVO Metropolitan Bicycle System (SRM MEVO) is intended to set forth the rules for the use, sharing and protection of the Personal Data of users of the SRM MEVO in accordance with the requirements of EU Regulation 2016/679 of April 27, 2016. (General Data Protection Regulation) ("RODO") in connection with the processing of Users' Personal Data within SRM MEVO by the Joint Administrators: Metropolitan Area of Gdansk, Gdynia, Sopot and CityBike Global S.A branch in Poland .

I. Personal Data Administrator

With respect to your Personal Data, hereinafter referred to as "Personal Data", there are two controllers listed below (collectively referred to as "Joint Controllers") who jointly decide on the purposes and means of processing the Personal Data.

The co-administrators referred to in the previous sentence are:

  1. Metropolitan Area of Gdansk, Gdynia, Sopot, 39/40 Dlugi Targ Street, 80-830 Gdansk,
  2. CityBike Global S.A branch in Poland, branch address: Warsaw (00-124), Rondo ONZ 1 XXI p., KRS: 0000952378, name and address of foreign entrepreneur: CityBike Global Sociedad Anomia with registered office in Barcelona, 08-174, Calle Via Augusta 105, Registro Mercantil de Barcelona A67484170.

Each of the Joint Administrators takes special care to respect your Personal Data. Each of the Joint Administrators guarantees the confidentiality of any Personal Data provided and ensures that all security and protection measures are taken for Personal Data as required by the Personal Data Protection Laws. Personal Data shall be collected with due diligence and shall be properly protected from access by unauthorized persons.

II. Information we collect

We collect information about our users and visitors to SRM MEVO.

When you visit SRM MEVO, we automatically collect the following information about you: IP address, type of operating system, type of web browser, actions on the website: entering a particular page, clicking on function buttons.

If you provide us with Personal Information by filling out a registration form to create an account or contact us, we collect the following Personal Information: email address, first name, last name, phone number, home address and optional FV data including PESEL.

If you are contacting our customer service staff, you may also provide us with other Personal Information about yourself, depending on the subject of your inquiry to customer service.

From time to time, the Joint Administrator may offer you to participate in sweepstakes, contests and surveys at SRM MEVO. If you participate in them, we will collect other Personal Information, depending on the terms of the sweepstakes, contests and surveys. Participation in the sweepstakes, contests and surveys in question is entirely voluntary, and you therefore have the option to choose whether to disclose the requested information.

III. Purpose, legal basis, scope and period of personal data processing

  1. Purpose of processing: performance of contract, provision of services.

Legal basis: article 6(1)(b) of the RODO for the conclusion, execution and termination of the concluded contract (data processing is necessary for the performance of the contract).

Retention period: the period necessary for the performance, termination or expiration of the contract.

Scope of data: e-mail address, name, surname, telephone number, address, in case of issuing a VAT invoice - tax identification number (NIP) or PESEL number.

Purpose of processing: to establish contact with the Joint Administrators, including responding to your inquiries.

Legal basis: article 6(1)(f) RODO (realization of the Joint Administrator's legitimate interests related to answering questions).

Retention period: until the Joint Controllers lose their legitimate interest or the data subject raises a legitimate objection to the processing of the data.

The scope of the data: name, surname, e-mail address and other data voluntarily included in the content of the message.

Purpose of processing: to perform legal obligations, including financial and tax obligations.

Legal basis: article 6(1)(c) of the DPA (fulfillment of a legal obligation).

Retention period: the data is retained for the period required by law mandating the Joint Administrators to keep tax books (5 years, counting from the beginning of the year following the fiscal year to which the data relates).

Scope of data: First and last name, company name, tax identification number (NIP)/ PESEL number, financial data related to the execution of the contract.

Purpose of processing: to assert claims - in cases of non-compliance with the law, failure to comply with contractual terms.

Legal basis: Article 6(1)(f) RODO (realization of legitimate interests related to possible establishment, investigation and defense of claims).

Storage period: the data are stored until the expiration of the statute of limitations for claims arising from the contract for the use of SRM MEVO, with the statute of limitations determined by the provisions of the Civil Code.

Scope of data: e-mail address, name, tax ID number, PESEL number, financial data, telephone number.

Purpose of processing: to undertake promotional and marketing activities, including sending marketing and commercial information electronically.

Legal basis: Article 6(1)(a) RODO (expressed consent to process personal data) and Article 6(1)(f) RODO (realization of legitimate interests related to the establishment, investigation and defense of claims).

Storage period: the duration of the contract with the Administrator, not less than the period of holding an active SRM MEVO user account.

Scope of data: name, surname, e-mail address and other data voluntarily included in the content of the message by the user SRM MEVO.

Purpose of processing: newsletter mailing.

Legal basis: Article 6(1)(a) of the DPA (expressed consent to process personal data) and Article 6(1)(f) of the DPA (realization of legitimate interests related to the establishment, investigation and defense of claims).

Storage period: until the user revokes consent and, after revoking consent, for a period of time corresponding to the statute of limitations for claims that the Joint Administrator may raise and that may be raised against it.

Scope of data: name, surname, e-mail address and other data voluntarily included in the content of the message by the user SRM MEVO.

Purpose of processing: to maintain and improve SRM MEVO, including security and personalizing your online experience, making sure content is presented in the most effective way for you, as well as to administer SRM MEVO and to perform internal operations, including troubleshooting, data analysis, research, testing, statistical and research purposes.

Legal basis: article 6(1)(f) of the DPA, i.e. the Co-Dministrator's legitimate legal interest in improving the service to visitors of SRM MEVO.

Retention period: until the Co-Data Controller loses its legitimate interest or the data subject raises a legitimate objection to the processing of the data.

The scope of the data: first name, last name, email address, IP address, operating system type, browser type, actions on the website: entering a particular page, clicking on function buttons.

Purpose of processing: to provide or authorize the provision of information to you about goods and services that we think may be of interest to you.

Legal basis: Article 6(1)(a) RODO (expressed consent to process Personal Data) and Article 6(1)(f) RODO (realization of the Administrator's legitimate interests related to the possible establishment, investigation and defense of claims).

Storage period: until the user revokes consent and, after revoking consent, for a period of time corresponding to the statute of limitations for claims that the Joint Administrator may raise and that may be raised against it.

The range of data: first name, last name, e-mail address, operating system type, browser type, actions on the website: entering a particular page, clicking on function buttons.

IV. Recipients of Personal Data

For the proper functioning of SRM MEVO and the professional provision of services, it is necessary for the Joint Administrators to use the services of third parties. The Co-Administrators shall only use the services of such processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RODO and protects the rights of data subjects.

The following recipients may have access to your Personal Data:

  1. service providers to whom the processing of Personal Data has been made available or contractually entrusted for the purpose of performing services provided to the Co-administrator, to the extent necessary for the proper performance of these services, including in particular IT service providers, payment operators (for the purpose of making payments at SRM MEVO), consulting companies and law firms (for the purpose of conducting civil, criminal proceedings against SRM MEVO Customers who have used SRM MEVO in violation of the Terms and Conditions), debt collection companies as defined by law (to pursue unpaid financial claims for the use or misuse of SRM MEVO),
  2. relevant state authorities at their request under the relevant provisions of law, or to other persons and entities - in cases provided for by law.

Any entity to which any of the Joint Controllers entrusts Personal Data for processing shall guarantee an adequate level in terms of security and confidentiality of Personal Data processing. The Processor will process Personal Data based on the Personal Data Processing Entrustment Agreement.

As a rule, personal data is not transferred to third-country entities (outside the EEA). Personal data may be transferred to third countries in a situation where any of the entities listed in points 1 and 2 above carry out data processing in a third country, and only in a situation where the European Commission has made a finding of adequate protection, or using contractual clauses approved by the European Commission.

VI. Principles of collection of Personal Data

Provision of Personal Data is voluntary, but failure to consent to the processing of Personal Data marked as mandatory will prevent the performance of the relevant services of SRM MEVO.

VII. Rights related to the processing of Personal Data

The user of SRM MEVO has the following rights arising from the processing of his Personal Data:

  1. The right to request access to your own personal data;
  2. The right to rectify personal data (when it is incorrect);
  3. The right to delete personal data (the so-called "right to be forgotten");
  4. The right to restrict data processing;
  5. The right to object to processing;
  6. The right to data portability;
  7. The right to revoke the consent given.

In matters related to the processing of Personal Data, you may contact any of the Joint Controllers by directing correspondence to the following address:

  1. CityBike Global S.A branch in Poland, Warsaw (00-124), Rondo ONZ 1 XXI p. or by contacting the Data Protection Officer (DPO) directly via email: iod@rowermevo.pl;

or

  1. Metropolitan Area of Gdansk, Gdynia, Sopot, 39/40 Dlugi Targ Street, 80-830 Gdansk, or by contacting the IOD directly via email: [ ].·

In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection (address: 2 Stawki Street, 00-193 Warsaw) if you consider that the processing of your Personal Data violates the provisions of the RODO.

VIII. Automated decision-making

Your Personal Data will not be used for automated decision-making or profiling.

IX. Transfer of Personal Data to third countries

Data is not transferred to third countries (outside the EEA).

X. Cookies

  1. The SRM MEVO website uses cookies. Cookies are small text files that are stored on your computer or smartphone when you view our website or use the app. There are different types of cookies.
  2. Cookies, which are necessary for the use of the application and our website, are used, among other things, to remember your selected preferences and to monitor your login status. We use these cookies by default, meaning we save them on your computer or smartphone when you access our website.
  3. Within the framework of SRM MEVO we use only necessary cookies, which ensure the proper functioning of our website and its basic functions. Without them you will not be able to use our online services properly. The use of such cookies is exempt from your consent.

XI. Security of MEVO's SRM and Personal Data.

  1. The Joint Administrators shall apply all necessary technical measures set forth in Articles 25, 30, 32-34, 35-39 of the RODO to ensure enhanced protection and security of the processing of Personal Data.
  2. The Joint Administrators maintain the physical, electronic and procedural safeguards necessary to the extent necessary to ensure the protection of your Personal Information from loss, misuse, disclosure and alteration.
  3. If you create an account with SRM MEVO, you must choose a password to protect the information placed in your account. The strength of the password is up to you: you should choose a unique password and keep it secure. You can make password changes as often as you feel like it. You are responsible for keeping your password secret. Please do not share your password with others. Our login process is designed to protect your privacy. If you have trouble logging in to SRM MEVO, please make sure you are using YOUR registered email address and the correct password. If you are using your registered email address and correct password and are still having problems logging into our service, please contact us.
  4. At the same time, the Joint Administrators point out that the use of the Internet and electronically provided services, especially the use of publicly accessible Wi-Fi networks, may involve specific ICT risks, such as the presence and operation of Internet worms (worms), spyware or malware, including computer viruses, as well as the possibility of being exposed to cracing or phishing (password hunting), and others. In order to acquire detailed and professional information regarding the preservation of Internet security, we recommend seeking it from entities specializing in such IT services.