Privacy Policy

1.Preamble 

European Regulation 2016/679 on the protection of natural persons with regard to the processing of their personal data (hereinafter GDPR) entered into force on May 25, 2018.  Therefore, CICLO commits to protect individual confidentiality and personal data. 

We undertook to observe the GDPR Regulation through dialogue and cooperation with our partners.  Consequently, we created the following confidentiality Policy so as to inform on our practices in terms of collecting, using, storing, and disclosing the information that you may provide while you interact with us. 

This confidentiality policy augments the CICLO Terms and Conditions.  Before going over the Confidentiality policy, make sure you have read the CICLO Terms and Conditions.  Any provision within such Terms and Conditions is hereinafter applicable with regard to the protection of personal data.  

The present confidentiality policy applies to both the CICLO application, as well as to the CICLO web page.  

2. Principles

CICLO is determined to observe the principles set-forth by the GDPR and, as such, personal data is: 

• Legally, fairly, and transparently processed in terms of the intended person; 
• Collected for predetermined, explicit, and legitimate purposes and not subsequently processed in a manner that is incompatible with such purposes; 

• Adequate, relevant, and limited to what is necessary in terms of the purposes wherefore they are processed; 
• Precise and, if necessary, updated; 
• Preserved in a form which allows for the identification of the intended persons for a period which will not exceed the period required for fulfilling the purposes wherefore the data is processed; 
• Processed in a manner ensuring the adequate security of personal data.  

3. Categories of processed data 

CICLO collects the personal data of users, members, and visitors of the web page and those of clients/potential clients.  When so commanded by the law, CICLO provides natural persons with an adequate notification on the data to be collected and the manner wherein they will be used. 

We only collect personal data which are voluntarily provided by natural persons so that we may provide information, services, develop contractual relations, and promote our services.  Additionally, we have to process certain personal data in order to be allowed to provide our services or to observe various legal obligations. 

Processed data: identification data (name, first name(s)), telephone number, e-mail address, data pertaining to the bank card associated to the account, and geographical location.  

4. Data processing activities

• Registration in the CICLO system: in order to create a CICLO account and therefore become a CICLO user, intended persons should provide certain personal data like name, telephone number, e-mail address, credit/debit card or other means of payment data. 

In case of registration through a profile existing on another platform (e.g. Facebook), we will process the information from this profile, like the user name.  

• Bike rental: in order to be able to provide bike-sharing services, it is necessary for CICLO to process the geographical location of the users, including their course throughout the bike rental.  Because of this, the Ciclo app will request from its users to access the location services of their phones, store it and process it in order to provide core functionalities of the app. 
• We bring value to the user with the core feature of DRAWING THE ROUTE of the ride with our rented bike and COMPUTING THE TRAVELED DISTANCE. The users will have a HISTORY section with all these data, extremely important for them. 

• The expected user behavior is to lock the phone while driving the bike. Therefore, we need background permissions in order to accurately/continuously create this value for the user. 
• This app collects location data to enable DRAWING THE ROUTE, COMPUTING TRAVELED DISTANCE, DISPLAY PRICE OF NEAREST STATIONS, DISPLAY THE LOCATION OF NEAREST STATIONS & BIKES, even when the app is closed or not in use. 

• Offer request: in order to obtain an offer or information regarding the acquisition of the CICLO system, clients/potential clients or their representatives should provide information like name, first name, and contact data.  

• CICLO web page visitors: the CICLO web page uses text format files, of small size, called cookies in order to make the experience of the user more effective and better.  Some cookie type files are necessary in order for the page to develop.  By visiting our page, personal data like IP address, time and date of accessing etc., may be processed.   

Furthermore, based on your freely given consent, CICLO may process cookie type files like: 

-              Preference cookies: allowing the web page to retain information which allow the page’s manner of operation like, the selected language.  

-              Statistic cookies: helps CICLO to understand the manner wherein users use the page and collect data, anonymously.  

-              Marketing cookies: are used to track visitors of the web page.  The intention is to post relevant and interesting ads for each user and, as such, more valuable for third party editors and advertising agencies. 

5. Legal basis 

Data protection legislation allows for the collection and processing of data as long as there is a legal reason to do so.  As mentioned above, CICLO processes personal data only in the following situations: 

• Conclusion/development of an agreement: processing of personal data is required in order to sign an agreement respectively in order to carry-out the obligations arising from an agreement.  
• Legitimate interest:  CICLO might process personal data in the event wherein the processing of data is necessary in order to achieve a legitimate interest of CICLO like, the accomplishment and development of economic activities, as long as it does not outmatch your interests. 

• Consent: in some cases, CICLO demands your express and specific consent in order to process a part of your personal data.  In such situations, CICLO will process personal data only after having attained the express and preliminary consent of intended persons.  

Intended persons may withdraw their consent at any time by contacting CICLO at the following e-mail address: contact@ciclo.ro  

6. Third parties

Third parties providing personal data to CICLO are responsible with making sure that intended persons were informed on the provisions of the present confidentiality policy and that such intended person has given his/her consent for sharing the data.  

CICLO might share personal data with third parties in order to observe legal obligations (for example, obligations regarding labour and fiscal legislation) or to execute contractual obligations (for example, in the event wherein we involve subcontractors in the provision of services).  

Furthermore, CICLO might share personal data with the competent authorities/entities involved in such a procedure in view of recovering any prejudice caused by the users.  

In terms of third parties, CICLO is responsible with making sure that, third parties processing data on behalf of CICLO provide sufficient guarantees to implement adequate technical and organizational measures and therefore the processing of personal data meets the requirements of the present regulations and ensures the protection of the intended person’s rights. 

! Financial data necessary for the processing of payments are processed in safety conditions by:  MobilePay. 

7. Data storing period

CICLO stores data only throughout the period wherein the legal basis for data processing exists. 

The data provided by users along with the opening of the account will be preserved for the period wherein the account is active respectively and, subsequently, for a period of 1 year.  In the extent wherein, when the account is deactivated, the user has not paid all amounts due, the data may be subsequently preserved.  After such period, the data will become anonymous and be kept for statistical purposes only.  

Data regarding the geographical location and routes taken by users will be preserved for a period of 60 days after the completion of each ride.  

Optionally, users may opt for data regarding routes taken to be preserved even after the 60 days term respectively, throughout the entire period wherein their account is active.  

After such period, the data will become anonymous and be kept for statistical purposes only. 

8. Data storage 

Personal data processed through by CICLO is stored in safety conditions in Firebase (Google).  Firebase ensure the highest standard of data security.  

9. Right of intended persons

Subject to certain legal conditions, as intended person, you have the following rights in terms of your personal data being processed: 

• The right to demand a copy of your personal data that we hold; 
• The right to rectify any incorrect or incomplete personal data; 
• The right to oppose or restrict our use of your personal data; 

• To right to withdraw your consent for our processing of your personal data based on your previously given consent; 
• The right for your personal data to be erased in cases when your consent was withdrawn, processing is no longer necessary or, such processing breaks the law; 
• The right for data portability allowing you to receive a copy of the data received from you and processed by us, or to send them to another entity indicated by you; 
• To right to withdraw your consent for our processing of your personal data based on your previously given consent; Any such withdrawing of your consent will not affect the lawfulness of processing occurring based on your consent previous to withdrawing.  In cases when you withdraw your consent, CICLO will no longer process your personal data and will adopt all necessary measures to erase your personal data.  Nevertheless, CICLO may process your personal data if there is a legal basis for such processing. 

Should you wish to exercise any of the above-mentioned rights, please contact us using the following contact details: contact@ciclo.ro 

10. Technical and organizational measures 

CICLO is committed to implement technical and organizational measures so as to make sure the personal data processing meets the conditions set-forth by data protection legislation. 

To this end, CICLO has implemented the following measures: 

• Limiting the access to personal data strictly for employees who are involved in the execution of our contractual obligations. 
• Adopting all possible measures in order to prevent the access of unauthorized persons to data processing systems; 
• Making sure that persons who process personal data have access only to the necessary data and that such data cannot be copied, modified, or erased without authorization. 

• Record keeping of persons with access to personal data and the manner wherein personal data is stored; 
• Making sure personal data processing complies with the applicable legal provisions. 
• Making sure data is stored in conditions warranting safety and confidentiality. 

11. Claims and grievance 

If you have any question, query, demand, or complaint regarding the manner wherein CICLO process personal data, you may contact us at: contact@ciclo.ro . 

In order for us to comply legal obligations undertaken with regard to data security and confidentiality, when you exercise one of your rights as intended person, it is possible for us to ask you to prove your identity and provide us with a copy of an identification document or any information required for verifying that such requests originate from a relevant intended person. 

We will take into consideration and demands or complaints we receive and provide answers in compliance with the terms set-forth by the law.  Should you be unsatisfied with our response or believe processing is achieved in breach of the applicable legislation, you may formulate a complaint with the Romanian data processing surveillance authority:  

National Authority for the surveillance of Personal Data Processing, located at  28-39 Magheru Boulevard, Bucharest, Romania, telephone:  031 80 59 211 / 031 80 59 212. 

We reserve the right to amend the CICLO Confidentiality Policy if necessary.  In such cases, we will notify all users with regard to the new format of the confidentiality Policy. 

The present format of the confidentiality policy was adopted on:   25.06.2020