Privacy Policy

1. Preamble

On May 25, 2018, the European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter GDPR) entered into force.

We are CICLO, an application that facilitates the rental of bicycles in Romania. We are committed to complying with the GDPR Regulation through dialogue and collaboration with our partners. Therefore, we have created the following Privacy Policy to inform you about our practices regarding the collection, use, storage and disclosure of information that you may provide while interacting with us.

This Privacy Policy supplements the CICLO Terms and Conditions. Before going through the Privacy Policy, make sure you read the CICLO Terms and Conditions. Any provision in the Terms and Conditions is still applicable with regard to the protection of personal data.

2. Principles

CICLO is determined to comply with the principles provided by the GDPR and, thus, the personal data are:

1. Processed in a legal, fair and transparent manner towards the data subject;
2. Collected for specific, explicit and legitimate purposes and are not subsequently processed in a way incompatible with these purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Accurate and, if necessary, updated;
5. Kept in a form that allows the identification of the data subjects for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed;
6. Processed in a way that ensures adequate security of personal data.

3. Definitions and terms
4. User or Customer: The person who uses the application to rent bicycles. It is the subject of the data collected and processed.
5. Personal Data: Any information that can be used to directly or indirectly identify a person. In the context of bicycle rental, this may include your name, email address, phone number, credit card information and location data.
6. Processing: Any operation or set of operations performed on personal data, whether it is collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of making available, aligning or combining, restricting, erasing or destroying.
7. Consent: The user’s free, specific, informed and unequivocal agreement regarding the processing of personal data.
8. Location Data: Information collected by the application or mobile devices indicating the geographic location of the bicycle or the user in real time.
9. Rental Station: The physical location where users can pick up or return rented bicycles.
10. Tariff: The amount of money charged to users for renting bicycles. It can be calculated based on duration of use or distance traveled.
11. Rental Period: The time interval for which a bicycle is rented by a user, from the time of pick-up to the time of return.
12. Time/Distance Limit: Restrictions imposed by the rental service on how long or distance a bicycle can be used before it is required to return or renew the rental.
13. Damages and Penalties: The conditions under which users are responsible for any damage to the rented bicycles and the applicable penalties for such damage or for violating the terms of use.
14. Rights of Data Subjects: The set of rights that the GDPR grants data subjects, including the right to access, rectification, erasure („right to be forgotten”), restriction of processing, data portability and objection.
15. Categories of processed data

We only collect personal data that is voluntarily provided by persons so that we can provide information, provide services, carry out contractual relations and promote our services. In addition, we need to process certain personal data in order to provide our services or to comply with various legal obligations.

Types of processed data:

1. Personal identification data: name, email address, phone number.
2. Financial Data: credit/debit card information for payment processing.
3. Location Data: We collect and process your device’s location data to provide you with our bicycle rental service, identify nearby bicycle stations and calculate ride distances.
4. Rental data: the rental station from which the rental was made, the time of the rental, the rental station where the bicycle was returned, the time of return, the duration of the trip, the price of the trip and the amount paid.

5. Data processing activities

We process personal data based on your consent, for the execution of the bicycle rental contract and to comply with our legal obligations.

Registration in the CICLO system: to create a CICLO account and thus to become a CICLO user, data subjects must provide certain personal data such as name, telephone number, email address, debit/credit card or means payment.

In case of registration through an existing profile on another platform (eg: Facebook or Google), we will process information of this profile, such as the user’s name.

Bicycle rental: in order to be able to provide bike-sharing rental services, it is necessary for CICLO to process users’ geographic location, including their route during bicycle rental. We bring value through the basic functionality of drawing the route taken by the user, also calculating the total distance traveled. Users have access to a complete race history, which is very important to them.

Visitors to the CICLO web page: the CICLO web page uses small text files, called cookies, to streamline and improve the user experience. Some cookies are necessary for the page to run. By visiting our page, personal data can be processed such as: IP address, time and date of access, etc.

Also, based on the express consent granted, CICLO can also process cookie files such as:

1. Preference cookies: allow the web page to retain information that changes the way the page is operated, such as the selected language.
2. Statistical cookies: facilitate CICLO’s understanding of how users use the page, collecting data anonymously.
3. Marketing cookies: they are used to track visitors to websites. The intent is to show ads that are relevant and interesting to each user, and therefore more valuable to publishers and third-party advertisers.

6. Storage period

CICLO stores the data only for the period in which the basis that justified the processing of the data exists.

The data provided by users upon opening the account will be kept for the period in which the account is active.

We do not allow the deactivation of the account of people who currently have open rides, respectively have rented bicycles and have not yet returned them.

Also, for security reasons, we do not allow account deactivation if there are bicycles rented in the last 7 days.

To the extent that when the account is deactivated, the user has not paid all the amounts due, the data will be able to be kept afterwards.

After this period the data will be anonymized and kept for statistical purposes.

7. Data security

Personal data processed through the CICLO application are stored on secure servers. Specifically, and in accordance with the law, we take appropriate technical and organizational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of personal data and the way in which they are processed, in accordance with the conditions of Regulation (EU) 2016 /679 of the European Parliament and of the Council of April 27, 2016.

CICLO is committed to implementing technical and organizational measures to ensure that the processing of personal data meets the conditions set out in data protection legislation.

In this sense, CICLO has implemented the following measures:

1. Limiting access to personal data strictly to employees who are involved in fulfilling our contractual obligations;
2. Taking all possible measures to prevent unauthorized persons from accessing data processing systems;
3. Ensuring that the persons who process personal data have access only to the necessary data and that these data cannot be copied, modified or deleted without authorization;
4. Keeping a record of the people who have access to the personal data and how the personal data is stored;
5. Ensuring the processing of personal data in accordance with the applicable legal provisions.
6. Ensuring the storage of data under conditions that guarantee safety and confidentiality.

We guarantee that we do not sell the personal data that we collect from the user and that we only transmit this data to those who have the right to know it, in compliance with the principles and obligations established by law.

8. Third parties

We do not share your data with third parties, except for payment processors and logistics partners, to the extent necessary to provide our service.

Also, CICLO could share the personal data with the competent authorities/entities involved in such a procedure in order to recover any damages caused by the users.

In the relationship with third parties, CICLO is responsible for ensuring that third parties processing personal data on behalf of CICLO offer sufficient guarantees to implement appropriate technical and organizational measures, so that the processing meets the requirements of this regulation and ensures the protection of the data subject’s rights.

9. The legal basis

We process personal data based on your consent, for the execution of the bicycles rental contract and to comply with our legal obligations.

Data protection legislation allows the collection and processing of data as long as there is a legal basis for doing so. As mentioned above, CICLO processes personal data only in the following situations:

1. Legitimate interest: CICLO could process personal data in the situation where data processing is necessary to achieve a legitimate interest of CICLO such as undertaking and developing economic activities, as long as it does not exceed your interests.
2. Consent: in some cases, CICLO requests your express and specific consent to process some of the personal data. In these situations, CICLO will process personal data only after the express and prior consent of the persons concerned.

Data subjects can withdraw their consent at any time by contacting CICLO at the following email address: contact@ciclo.ro.

10. Rights

Subject to certain legal conditions, as a data subject you have the following rights in relation to the processing of personal data:

1. The right to request a copy of the personal data we hold about you;
2. The right to rectify any incorrect or incomplete personal data;
3. The right to object or to restrict our use of your personal data;
4. The right to withdraw your consent for the processing of data processed on the basis of consent;
5. The right to delete your personal data, in situations where you have withdrawn your consent, the processing is no longer necessary or the said processing is against the law;
6. The right to data portability which allows you to receive a copy of the processed data that we have received from you or to transmit it to another entity indicated by you;
7. The right to withdraw your consent for the processing carried out on the basis of consent. The withdrawal of your consent will not affect the lawfulness of the processing based on the consent before its withdrawal. In cases where you withdraw your consent, CICLO will no longer process your personal data and will take the appropriate measures to delete your personal data. CICLO will, however, be able to process your personal data if there is another legal basis for said processing.

If you wish to exercise the rights mentioned above, please contact us using the following contact details: contact@ciclo.ro.

11. Requests and complaints

If you have any question, concern, request or complaint regarding the way in which CICLO processes personal data, you can contact us at: contact@ciclo.ro.

In order to comply with our legal data security and confidentiality obligations, when you exercise one of your rights as a data subject, we may ask you to prove your identity by providing us with a copy of an identification document or any other information necessary to verify that the request is from the relevant data subject.

We will consider any requests or complaints we receive and provide you with a response within the time limits provided by law. If you are not satisfied with our response or consider that the processing is done in violation of the applicable legislation, you can file a complaint with the data supervisory authority in Romania:

The National Supervisory Authority for the Processing of Personal Data, with headquarters in Bd. Gheorghe Magheru no. 28-30, Bucharest, Romania, phone: 031 80 59 211 / 031 80 59 212.

We reserve the right to modify the Privacy Policy as necessary. If we make such changes, we will notify all users of the new form of the Privacy Policy.

The current form of the Privacy Policy was adopted on: June 6, 2024.

GDPR Agreement

1. Personal data

We, Techwise Electronics SRL, ensure data protection and respect your privacy. We collect, process and use your personal data only with your consent or if there is another legal basis for doing so in accordance with the GDPR; all in compliance with data protection regulations and civil law.

Personal data is collected only to the extent necessary to carry out and process the consent you have voluntarily provided to us.

Personal data is any data that contains data about personal or material circumstances, such as name, postal address, email address, telephone number, financial details and location information.

2. Access and Erasure

At any time, you have the right to access your stored personal data, their origin and recipients, as well as the purpose of their processing. You also have the right to rectification, portability, objections, limitation of processing and blocking or erasure of inaccurate or unlawfully processed data.

If there are any changes to your personal data, please notify us accordingly.

You have the right to withdraw any consent given to the processing of your personal data at any time. Your request for access, erasure, rectification, objection and/or portability, in the case of the latter, if it does not involve a disproportionate effort, may be addressed to the contacts listed in section 8 of this statement.

If you believe that our processing of your personal data infringes data protection legislation or that your data protection rights have been infringed in another way, you can notify us, or you have the right to lodge a complaint with the authority competent supervision.

3. Data Privacy

For the protection of your personal data, we take appropriate organizational and technical precautions. These precautions relate in particular to safeguards against unauthorized, unlawful and including accidental access, processing, loss, use and manipulation. Despite all efforts to maintain a high level of due diligence, it cannot be excluded that the information you make available to us via the Internet may be seen and used by third parties.

Please note, therefore, that we assume no liability for disclosure of information due to errors during data transmission not caused by us and/or unauthorized access by third parties (e.g. hacker attack on an e-mail account or telephone, interception of faxes).

4. Usage data

We will process the data you have provided for the purposes of providing services, marketing, to send newsletters and to contact you by email or telephone and for purposes to which you have given your consent or which are regulated under with GDPR. Exempted from this is the use for statistical purposes, if the data made available was anonymous.

5. Transfer of data to third parties

In order to complete the creation of your account, it may be necessary or required by law to transfer your data to third parties (for example, the service providers we employ and to whom we provide data necessary for the operation of the system), courts or public authorities. The transfer of your data will be carried out exclusively in accordance with the GDPR, in particular for the completion of your account or based on your prior consent.

6. Reporting data incidents

It is our aim to ensure that data breaches are detected as soon as possible and that they will be reported, as appropriate, depending on the respective categories of data, to you or to the supervisory authority of the jurisdiction.

7. Data Retention

We will keep the data no longer than is necessary to fulfill our contractual or legal obligations and to defend ourselves against any liability claims. We do not allow the deactivation of the account of people who currently have open rides, respectively have rented bicycles and have not yet returned. Also, for security reasons, we do not allow the deactivation of accounts if there are bicycles rented in the last 7 days. To the extent that when deactivating the account, the user has not paid all the amounts due, the data will be able to be kept afterwards.

8. Data erasure

In accordance with data protection regulations, we offer users the possibility of deactivating their account through the Mobile Application. After this action, the data will be anonymized and kept for statistical purposes.

9. Our contact details

If you have any questions or requests regarding the processing of your personal data, please contact:

Name: Techwise Electronics SRL

Address: Prelungirea Craiovei street, No. 107, Geamăna Village, Bradu Commune, Arges County, 117141

Phone: +40 371 900 191