Buy

Processing of personal data

IGP - Privacy & Cookies Notice – Verona Bike bike sharing service

Who does this Notice apply to? 

IGP (“we,” “us,” or “our”) takes your privacy very seriously and will collect and process your Personal Data in a secure manner. In order to protect your privacy, IGP acts in accordance with EU Data Protection Law, namely the General Data Protection Regulation 2016. Before you agree with this IGP Privacy Notice, we recommend you read it carefully. (This notice covers personal data processed by Verona Bike. For information on other personal data IGP may process, please see the IGP Privacy and Cookies Notice on clearchannel.it). 

This IGP Privacy Notice (“Notice”) applies to you, as a Smart Bike or Bike Scheme User (“User”); it explains to you as the Data Subject what Personal Data we process and how, when and why it is processed. It also explains your rights in relation to the processing of your Personal Data and how you may exercise those rights. 

Why is this Notice important? 

IGP operates a Smart Bike sharing service in the city of Verona called Verona Bike (“Service”), which enables users to hire a bike through registration on www.bikeverona.it, email, telephone, and the smartphone application, bike station, bike dock, or any other mechanism in place (“the Platforms”), in accordance with the terms of use found here Verona Bike.it In order to make this service possible we need to collect and process your Personal Data. 

Verona Bike has its registered office at Viale Regina Margherita 42 - Roma, company registration no 12710340154. 

This Notice informs you of our practices with respect to the collection, use and disclosure of Personal Data which you provide to us via our Platforms, or from third party applications we have engaged to make the Service work effectively. 

It also describes your data protection rights, including a right to object to some of the processing which IGP carries out. More information about your rights, and how to exercise them, is set out in the “Your Rights” section. 

“Personal Data” means personal information that identifies you as an individual or relates to an identifiable individual as defined under applicable European legislation (and in particular, the European General Data Protection Regulation). 

What does this Notice do? 

This Notice informs you of our practices from 25 May 2018 with respect to the collection, use and disclosure of Personal Data which you provide to us. 

Why we collect Personal Data and on what legal basis? 

We collect this information in order to make all functionalities of the Service available to you, namely: 

  • to verify and process your order; 
  • for invoicing; 
  • to keep you posted on the progress of your order; 
  • answer your question when you contact us; 
  • to assist in retrieving a lost or stolen bike and administer support in an accident or incident. 

We also use the Personal Data to personalise our Platforms for you and improve your user experience to: 

  • adapt and enhance our Platforms; 
  • provide customer services; 
  • process and administer subject access requests to data; and 
  • resolve complaints (this may include verifying your personal details or having them verified by a third party if this is necessary in order to deliver personal services). 

We do this because you have registered to use Verona Bike and the legal basis upon which we rely to process this data is: 

to fulfil the obligations of a legal contract which you enter into when you engage the Services; and 

In our legitimate business interests and that of that of the city of Verona in connection with our agreement with them, where we manage bicycle furniture on behalf of the city of Verona. Under this agreement we may provide information about you to our support department and bike recovery team; in order to prevent fraud; communicate with you about delivery times, services and other updates and for statistical purposes where data will be anonymised.  

Where we are required to do so by law, in our legitimate interests or where we need to protect your interests or someone else’s interests; we may share your details with local enforcement agencies, including the police, and to any competent judicial or administrative authority. 

 

What Personal Data we collect, how and why? 

Specifically, we may use the Platforms to collect the following Personal Data at the specified times and for these reasons (in brackets): 

  • your first and second name when you first register with us (to identify you in order to operate the Service); 
  • gender when you first register with us (to identify you in order to properly address you and for our statistical purposes); 
  • name and contact details of parents or guardians of child bike users (in order to communicate with those contacts, verify the order, keep the parents updated of and provide important communication on the progress of the order and send parents information they might be interested in); 
  • email address when you first register with us, (in order to identify you, verify your order, keep you updated of and provide important communication on the progress of your order and send you information you might be interested in); 
  • billing and postal address when you first register with us, (to identify you, verify credit card details and process your order); 
  • contact number when you first register with us and at any other point of the transaction, (to identify you, update you and communicate with you). 
  • payment information, when you first register with us and at any other point of your subscription (to complete your order); 
  • encrypted credit card data when you first register with us and at any other point of your subscription (to complete your order);Direct debit details and mandate when you first register with us and at any other point of your subscription, (to complete your order); 
  • recorded calls when you contact our customer care team (for internal training purposes and to solve user complaints); 
  • time stamps from calls and bike stations, including date and time, when you contact our customer care team or collect and return a bike, (to monitor calls for training purposes, to monitor duration of use, track the security of our bikes and to prevent unauthorised use); 
  • secure login details if you register for our Platforms (to access secure or otherwise restricted parts of our Platforms e.g. to access your customer account, marketing preferences control panel securely); 

twitter handle when you contact our customer care team (so we can respond back to you); 

In some circumstances, we may request additional Personal Data to help us to provide you with the most appropriate response – and that use of Personal Data is as provided for in the Privacy and Cookies Notice If you do not provide Personal Data allowing us to process your use of the Service where requested, your access to the Service, or our ability to assist you, may be restricted. 

 

Direct Marketing and Promotions 

 

To make your experience of using Verona Bike useful, we may rely on our legitimate business interest and use your email address to inform you about the development of Platforms, special offers and promotions. We may share your contact details with our partners of the smart bike/bike scheme upon explicit consent. If you no longer wish to receive this information, you can unsubscribe using the information provided below under “Opt-Out of Marketing and Promotions”. 

 

Opt-Out of Marketing and Promotions 

You have the right to opt out of receiving direct Marketing and Promotions communications by: 

clicking on the relevant ‘unsubscribe’ link in the email; 

contacting us at info@bikverona.it 

changing your marketing preferences on Verona Bike 

letting us know at the time that you provide your Personal Data. 

 

If you withdraw, where it has been provided, your consent to receive any further Marketing and Promotions communications from us, we will not contact you further for the purpose of direct marketing. This will not prevent you from using any of Verona Bike Platforms. 

 

If you have any queries or complaints about how we have handled your Personal Data, please contact info@bikverona.it. 

 

Sensitive or “Special Category” Personal Data 

We will not ask for your Sensitive Personal Data except in the event we have to report a matter to the legal authorities. 

Sensitive or “Special Category” Personal Data means Personal Data which may relate to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. Where you do provide Sensitive Personal Data, we will keep it secure and for a proportionate amount of time, and only use that information in connection with the purpose for which it has been provided. 

Children’s Personal Data 

Our Platforms are not intended to target children under the age of 16. We will not knowingly process their Personal Data via our Platforms. We may process Personal Data of children aged 16 to 18 years old who are bike users, with parental or guardian consent only. 

Your Rights 

Under the European General Data Protection Regulation and other applicable legislation, you have rights over your Personal Data which include those listed below. To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. 

Right to Rectification of Personal Data 

If you advise us that your Personal Data is no longer accurate, we will amend or update it (where practical and lawful to do so). You can tell us about any inaccurate data by contacting our customer support team info@Verona Bike.it or update it yourself on the customer portal. 

 

Right to Access Personal Data 

Where permitted by law, you may have the right to contact us to request a copy of Personal Data that we hold about you. Before responding to your request we may ask you to (i) verify your identity and provide further details so we can better respond to your request. 

These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping that Personal Data. Relevant exemptions are included in both the GDPR and in local Data Protection legislation. We will inform you of relevant exemptions we rely upon when responding to any request you make. 

You may also request from us to transfer your data to another entity. If you wish to exercise this right, please contact the customer support team info@Verona Bike.it 

If you require further information on your rights or our use of your Personal Data, please contact us at info@Verona Bike. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. 

 

Right to Erasure or Restriction of Processing of Personal Data 

You can ask us to delete or restrict processing of your Personal Data in some circumstances such as where we no longer need it, or you withdraw your consent (if we rely on consent for processing). We might be required to store some or all of your data to fulfil our legal reasons. If we’ve shared it with others, where possible, we’ll let them know about the erasure. If you wish to exercise this right, please contact the customer support team info@bikeverona.it 

Right to Withdraw Consent 

 

You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. If, at any time, you have consented to us processing your Personal Data in the circumstances or purposes described above, and you no longer wish to have your Personal Data processed in this way, you may unsubscribe by contacting our dedicated customer support team info@Verona Bike.it 

 

Rights in relation to Automated Decision-making and Profiling 

 

You have the right not to be subject to a decision when it’s based solely on automated processing or profiling which produces a legal or similarly significant effect on you. We only carry out this type of decision-making where the decision is necessary for the entry into or performance of a contract; or authorised by Union or Member state law applicable to us; or based on your explicit consent. 

 

Right to Portability 

You can ask us to provide you with your personal data (that you provided to us or that we observed through your activities on our Platforms) in a commonly used and machine-readable format to send it to another controller. 

Right to Object 

You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing if we are not relying on your consent). 

Third Party websites 

Where links from our Platforms are provided to non-IGP websites, we are not responsible for those websites and nor do we imply endorsement of any the linked third party websites. These third-party websites will be governed by different terms of use , depending on the owner and data controller of those websites (including privacy notices) and you are solely responsible for viewing and using each such website in accordance with their own applicable terms of use. We are not responsible for how your Personal Information is handled by such third-party websites. These websites are not covered by this Notice unless otherwise specified in this Notice. 

Security of Personal Data 

Your Personal Data (and commercial information) will be kept as confidential and as secure as possible. We employ appropriate technical and organisational measures consistent with our legal obligations and standard industry practice. Further, as required by the GDPR, we follow strict security procedures in the storage and disclosure of Personal Data which you have given to us, to prevent unauthorised access as far as reasonably possible. 

We use industry standard practices to safeguard the confidentiality of your Personal Data, including “firewalls” and Secure Socket Layers, including compliance with the Payment Card Industry Data Security Standard. We treat your Personal Data as an asset that must be protected against loss, alteration, destruction and unauthorized access and which our employees and representatives must keep confidential, and we use many different security techniques to protect your Personal Data from unauthorized access by users’ inside and outside of Verona Bike. We also use internal protections to limit access to users’ Personal Data to only those employees or representatives who need the Personal Data to perform a specific function. It is impossible to guarantee security, but we commit to taking appropriate action in the event of a breach. 

We will inform you, as long as it is reasonable to do so, if your Personal Data has been breached. 

 

Transfer of Personal Data 

Third Parties 

 

We transfer your personal data where we use third party service providers (as more fully described in this section below) to help us process Personal Data for the purposes described in this Notice, these will include customer management and intelligence solution providers, aggregated data analytics partners, web hosting facilities, audit and compliance partners. 

We may receive and send information about you, including your Personal Data, if you use any of our Platforms to our partners or sub-contractors (Data Processors) in technical, payment, identity verification and delivery services, analytics providers or credit reference agencies; 

 

We only share your Personal Data with third parties in the following cases: 

Where it is necessary to involve a third party service provider, for the performance of our contract with you in order to provide the Service (e.g. a payment processor when we charge you fees in relation to the Service); 

On the grounds of our legitimate business interests, namely: 

As part of the booking process, we may use multiple IT applications to provide the Service to you. 

With a service provider engaged in maintenance of our platforms; 

We use analytics and search engine providers to assist us in the improvement and optimisation of our Platforms. 

We may also disclose your information if required to do so by law or in a good faith belief that such access, preservation or disclosure is reasonably necessary to (i) respond to claims asserted against us (ii) to comply with legal proceedings, (iii) to enforce any agreement with our users such as our Terms and Conditions and our Privacy Notice, (iv) in the event of an emergency involving the danger of public health, death or physical injury to a person (v) in the framework of investigation or (vi) to protect the rights, property or personal safety of Verona Bike employees and representatives. 

If you require further information on our Third Party processors you can contact us at info@Verona Bike.it. 

 

Transfers outside the European Union 

Non-European countries may have data protection laws that are less protective than the legislation where you live. Where this is the case (such as the United States), our transfers of Personal Data will be regulated by standard contractual clauses relating to the transfer of Personal Data outside of the European Union (or outside of jurisdictions deemed “adequate” for data privacy by the European Union). We will not transfer your data outside of the European Union for any other reason than described in this Notice, unless we are required to do so by operation of law. 

Sale or Merger 

If Verona Bike or its assets are sold to or merge with another entity you should expect that some or all of the Personal Data collected by us may be transferred to the buyer/surviving company. 

Retention of Personal Data 

If you have provided us with Personal Data, your Personal Data will be retained for the duration of your relationship with us to fulfil the purposes for which we collected it. This includes, the length of time required to satisfy any legal, regulatory, accounting and reporting requirements, and to process personal information on you in order to establish or defend legal claims (and we or our third party data processors will amend or dispose of your Personal Data at the end of the relevant retention period). 

In determining the appropriate retention period we consider the purpose for which we process your Personal Data, the volume, type and context of the Personal Data, local legal requirements, the risk of harm to the data protection rights of the individual and whether the purpose for processing Personal Data can be established through an alternative method. 

For further information regarding the specific retention periods we apply to your Personal Data please contact us at info@Verona Bike.it. 

Contact us

Should you wish to make any comments, complaints, enquiries or if you have any questions relating to this Notice, your rights, the Platform, our Marketing and Promotion materials or Services we provide, you may contact IGP S.p.A

writing to us by e-mail or by regular and/or registered mail to the following addresses:

by e-mail:

amministrazione@pec.igp.it

by regular and/or registered mail:

IGP S.p.A.

Via Benigno Crespi, 57

20159 Milano (MI)

Changes to this Notice

This Notice is subject to periodic review to ensure it is in line with applicable legislation. We retain all applicable ownership rights to information we collect. We reserve the right to change, modify, add or remove provisions of this Notice. Any changes to this Notice will be posted here, and we encourage you to check back from time to time. If the changes are substantial, we will notify the changes to you.