Register

Privacy policy

PRIVACY POLICY OF THE ZIELONOGÓRSKI ROWER MIEJSKI

This privacy policy of the Zielonogórski Rower Miejski System (hereinafter: ZRM System) is targeted at providing users of the ZRM System with the information required in accordance with art. 13 and 14 of GDPR, due to the processing of their data within the ZRM System.

I. Who is the Controller of your personal data?

Nextbike S.A. with its registered office in Warsaw at ul. Przasnyska 6b, 01-756 Warszawa.

II. We process your personal data for the purpose of:

1. Conclusion and performance of a contract in order to enable your bike use and realization of the discount in case of meeting the relevant criteria – the basis for this processing is art. 6 section 1 (b) of the GDPR;
2. Settlement of payments due for the bike rental services, including issuing of a VAT invoice – the basis for this processing is art. 6 section 1 (c) of the GDPR;
3. Handling of complaints – the basis for this processing is art. 6 section 1 (c) of the GDPR;
4. Identification and pursuing claims or defending against claims – the basis for this processing is art. 6 section 1 (f) of the GDPR;
5. Handling of correspondence, e.g. handling of a request or providing answer to a question sent using the contact form – the basis for this processing is art. 6 section 1 (f) of the GDPR;
6. Enabling the users to use the mobile application as well as the website, and ensuring the security of communication resulting from their use – the basis for this processing is art. 6 section 1 (f) of the GDPR;
7. Enabling the possibility to verify the progress of conversation with a helpline employee, which is necessary in order to make complaints about services or to determine or pursue claims, or to defend against claims (call recordings) – the basis for this processing is art. 6 section 1 (a) of the GDPR.
8. Marketing of products and services provided by third parties (list) based on the consent given by you or by your parent / legal guardian – the basis for this processing is art. 6 section 1 (a) of the GDPR;
9. Marketing of own products and services, including customer satisfaction surveys – the basis for this processing is art. 6 section 1 (f) of the GDPR (legitimate interest of Nextbike Polska S.A.) or art. 6 section 1 (a) of the GDPR (parent consent) – if you are a child;
10. Ensuring the security of property, including bikes and bike stations – the basis for this processing is art. 6 section 1 (f) of the GDPR.
II.2. The processing of personal data of a parent/legal guardian is conducted by us for the purpose of ensuring the possibility to demonstrate the effective conclusion of a contract with a minor user, and in order to obtain the consent of a parent/legal guardian within the meaning of art. 8 of the GDPR – the basis for this processing is art. 6 section 1 (c) of the GDPR.

III. What personal data will be processed?

1. first name, last name, phone number, address of residence, e-mail address, PESEL – for the purpose of conclusion and performance of a contract;
2. first name, last name, phone number, e-mail address, bank account number (at the moment of sending the settlement form), first and last name of the bank account holder, and additionally, in the case of a foreign account, IBAN and SWIFT/BIC – for the purpose of settlement of payments;
3. first name, last name, address of residence – for the purpose of issuing a VAT invoice;
4. name, business address, NIP – for the purpose of issuing a VAT invoice for an entrepreneur;
5. first name, last name, phone number, address of residence, e-mail address – for the purpose of handling of complaints,
6. IP address and other information allowing to identify the device (details are specified in section X) that you are using – during each use of the mobile app or website, which are intended to handle the system;
7. personal data provided by you in correspondence and personal data associated with the communication method, e.g. phone number or e-mail address, first and last name;
8. first name, last name, phone number, address of residence, e-mail address – for the marketing purposes;
9. first name, last name, phone number, address of residence, e-mail address – for the purpose of property protection;
10. first name, last name, address of residence, PESEL and other personal data, especially the above-mentioned personal data, which you have made available to the controllers – for the purpose of identification and pursuing claims, or for the purpose of defending against claims;
11. Your voice and personal data that you provide in the course of conversation with a consultant (data registered on a recording) – for the purpose of enabling the possibility to verify the progress of conversation with a helpline employee, which is necessary in order to make complaints about services or to determine or pursue claims, or to defend against claims (call recordings);
12. first name, last name, address of residence – in the case of personal data of parents/legal guardians.

IV. Who may get access to your personal data?

1. The entities that provide services to the controllers, especially including the providers of IT services, payment operators, law firms and debt collection companies;
2. Third parties to which the user has consented to provide data – the list of such entities is available here;
3. The entities authorised to receive your personal data based on the provisions of the law;

V. How long will your personal data be stored?

1. In the case of personal data processed for the purposes specified in section II.1 – such personal data will be stored for the period required to fulfil such purposes, or for the period of 6 years from completion of the contract for the use of the System; in the case of personal data processed based on consent – no longer than until withdrawal of a given consent. The recordings of helpline conversations will be stored until withdrawal of a given consent or after the expiration of 60 days from the date of a conversation – whichever occurs first;
2. Personal data processed for marketing purposes for the period necessary to achieve the purpose or until the consent is withdrawn.

VI. Rules for the collection of personal data

Provision of personal data by the data subject constitutes a prerequisite for conclusion of a contract and its implementation. Furthermore, it is also a statutory requirement in the case of data collected for the purposes of issuing a VAT invoice. Therefore, failure to provide such data results in the inability to conclude or implement a contract, as well as other associated purposes.
Provision of personal data in connection with the handling of correspondence is voluntary, however necessary in order for the joint controllers to be able to respond or perform a given request.
Failure to provide personal data for the marketing purposes results in the inability to receive commercial information or direct marketing with the use of specified channels of communication.
Personal data necessary for the confirmation of entitlement to preferential terms of the provision of services are also obtained from the cooperating entity which supplies you with services (it applies to persons using preferential terms).

VII. What rights do you have in regard to the processing of personal data?

You have the right to:
1. Access your personal data;
2. Request the rectification of your personal data;
3. Request the limitation of the processing of your personal data, in the case when:
a. you question the accuracy of your personal data – for a period allowing the controller to verify the accuracy of such data;
b. the processing is not compliant with the provisions of the law, and you oppose the erasure of your personal data and request the limitation of its use instead;
c. the controller doesn’t need your personal data anymore, however you need it to identify, pursue or defend claims;
d. you have raised an objection to the processing, which is based on art. 6 section 1(f) of the GDPR, until it is determined whether the legally justified basis of the controller is superior in regard to the basis for your objection.
4. Raise an objection at any time in regard to the processing of your personal data, the basis of which is art. 6 section 1 (f) of the GDPR, due to reasons associated with your particular situation or for marketing purposes;
5. Request the erasure of your personal data;
6. Withdraw your consent at any time, without the need to provide a reason and without affecting the lawfulness of processing before withdrawal of your consent – whenever the processing of data is based on consent. The given consents may be withdrawn at any time (via contacting the address of the registered office of Nextbike Polska S.A. and via writing to the following e-mail address: [email protected] or via unchecking of the checkboxes from the level of your account – using the app or website – in the “Settings and privacy” section). In the case of a consent to the recording of conversation with a consultant, you can withdraw such consent by writing to the following e-mail address: [email protected]. The above-mentioned withdrawal of consent will not affect the compliance of data processing implemented prior to the withdrawal of a given consent.
7. Obtain your personal data in a format that is structured, commonly used and machine-readable, or request the controller to send your personal data to another controller.
8. Lodge a complaint with the President of the Personal Data Protection Office (address: Stawki 2, 00-193 Warszawa), in the case when you believe that the processing of your personal data violates the GDPR.
In the case of matters associated with the processing of your personal data and the exercise of your rights, please contact Nextbike Polska S.A. by sending correspondence to the following address:
Nextbike Polska S.A. with its registered office in Przasnyska 6b, 01-756 Warszawa, or to the following e-mail address: [email protected].

VIII. Is there a data protection officer (DPO) appointed and how to contact him/her?

Nextbike Polska S.A. appointed a DPO who can be contacted using the following e-mail address: [email protected]

IX. Automated decision-making

Your personal data will not be used for automated decision-making, nor profiling.

X. Cookies

1. The Controller uses cookies within the system.
2. In simple terms, cookies are small text files, which are saved on your computer or smartphone when you visit our website. There are various types of cookies.
3. The cookies necessary to visit our website are used to (among others): ensure the stability of its functioning (they measure traffic, thus they protect against its overload); remember the privacy preferences selected by you; fill out the online forms made available by us; save the contents of your cart; monitor your logging in status. We use these cookies by default, which means that we save them on your computer or smartphone at the moment of entering our website (in accordance with art. 173 section 3 of the Telecommunications Law Act). We only use strictly necessary cookies.
4. We use the following cookies within the System:

Strictly necessary cookies – they ensure correct functioning of our website as well as its primary functions. Without these cookies, you won’t be able to correctly use our online services. Furthermore, these cookies are exempt from the obligation to obtain your consent (art. 173 section 3 of the Telecommunications Law Act).
Name Purpose Period of storage
qtrans_front_language Tracking of selected interface language Duration of the user’s session
nextbike-react Information concerning the user’s session (encrypted) 14 days
Third party Verifying whether a given browser supports 3rd party cookies (for logging in using iframe). Duration of the user’s session

 

XI. Analytical and marketing tools applied by data controller and data controller’s partners

1. Data Controller and its Partners apply various solutions and tools used for analytical and marketing purposes. Basic information concerning these tools may be found below. Detailed information in this regard may be found in the Privacy Policy of a given partner.

GOOGLE ANALYTICS
1. Google Analytics cookies files are files used by the Google company in order to analyse the manner of using the Service by the User in order to create statistics and reports concerning the Service operations. Google does not use the gathered data for identification of Users, nor does it combine these information in order to enable identification. Detailed information concerning the scope and the principles of collecting data in relation to this service may be found at: https://www.google.com/intl/pl/policies/privacy/partners.

GOOGLE ADWORDS
1. GOOGLE ADWORDS is a tool that enables measuring efficiency of advertising campaigns realized by Data Controller, allowing to analyse such data as keywords or number of unique users. The Google Adwords platform also allows to display our advertisements to persons who visited the Service in the past. Information concerning the processing of data by Google in the scope of the above service may be found at: https://policies.google.com/technologies/ads?hl=pl.

FACEBOOK PIXELS
1. Facebook pixels is a tool that enables measuring the effectiveness of advertising campaigns realized by the Data Controller on Facebook. The tool allows for an advanced analysis of data in order to optimize Data Controller’s actions also with the use of other tools offered by Facebook. Detailed information concerning data processing by Facebook may be found at: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.

SOCIAL MEDIA PLUG-INS
1. Social media plug-ins are used by the Service (Facebook, Google+, LinkedIn, Twitter). The plug-ins enable the User to place the content published in the Service on selected social media portals. Applying plug-ins in the Service causes that the given social media service obtains information about the use of the Service by the User and thus may assign them to that User’s profile created in a given social media portal. Data Controller does not possess the knowledge on the goal and scope of gathering data by social media portals. Detailed information concerning this topic may be found under the below links:
a. Facebook: https://www.facebook.com/policy.php
b. Google: https://privacy.google.com/take-control.html?categories_activeEl=sign-in
c. LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
d. Twitter: https://twitter.com/en/privacy