Privacy Policy

Last update 11 September 2020

Versión en castellano próximamente

 

The Website www.cityscoot.eu, the Application and the Cityscoot service (hereinafter “our Services”) are offered by the company CITYSCOOT, a simplified joint-stock company (société par actions simplifiée) registered in the Paris Trade and Companies Register under the number 800 862 021, with registered office located at 8 rue Bayen, 75017 Paris, France, for Italy CITYSCOOT ITALIA S.R.L., located in Milan (Italy), Via Spezia 1 CAP 20142, registered under the number MI – 2525958 and for Spain CITYSCOOT ESPAÑA S.L., located in Barcelona (Spain), c/ Ciutat d’Asunción, nº 26 de Barcelona (08030), with tax identification number (NIF): B-67482455 (hereinafter “Cityscoot” or “We”). 

 

Cityscoot undertakes to protect the privacy of all visitors and Users of its Services. It undertakes to ensure that the collection and processing of your data is carried out in accordance with the General Data Protection Regulation (GDPR) and the French law on data protection (“Informatique et Libertés”).

The Personal Data Protection Policy sets out our commitments and the fundamental principles that we apply to the protection of personal data. It provides information about the procedures implemented in the collection and use of your data, as well as the options and rights to which you are entitled. It supplements the General Terms of Use of the Service. The Capitalised terms for which no definition is provided herein have the meaning assigned to them in the said General Terms of Use.

 

We may amend the Charter at any time in order, in particular, to comply with any regulatory, jurisprudential, editorial or technical developments. We invite you to consult the latest version before each visit.

 

Who does this policy concern?

The collection and processing of personal data concerns all visitors and Users of our Services.

When registering or accessing our services, you will receive all mandatory information relating to the collection and processing of your Data.

Pursuant to our General Terms of Use, access to our Services is reserved for adults.

 

What personal data is processed?

When using our Services, the following personal data may be collected and processed:

  • Personal identification data (surname, first name, data of birth, photograph, ID document, driving licence, BCR);
  • Personal contact data (email address, postal address, telephone number);
  • Personal payment data (bank details);
  • Scooter location data (point of collection and return, journey history);
  • Browsing data (IP address, connection data, browser type and version, browser plug-ins type and version, operating systems and platforms, device identifier for advertisers);
  • Mobile device location data.

 

When do we collect your personal data?

The personal data is derived from the information that you provide directly when registering for our Services or, if you access our Services via your Uber account, the data provided to us by the latter (name, email address, telephone number, number of the scooter you wish to reserve, your data of birth and postal address in the event of a road traffic offence).

Your journey history is collected when you use our Services.

When you visit our Website or Application, browsing and location data, taken from cookies or similar technologies, will be collected.

Data may also be collected when participating in a competition, a customer survey or when communicating with our customer service department.

 

What information do we provide you with when collecting your data?

When collecting your data, the following information in particular is provided to you:

  • The reasons for collecting this data (purpose);
  • Whether the provision of certain data is obligatory or optional and, where applicable, the consequences of failing to provide obligatory data (if obligatory data is not provided, access to the Services is not permitted);
  • The status of Cityscoot as data controller.
  • Your rights and the means of exercising said rights through Cityscoot;
  • The legal basis underpinning the lawfulness of the processing (for example, whether the processing is based on your consent, the requirement to comply with a legal obligation, the need to execute the contract that binds us, the legitimate interests of Cityscoot or a third party, etc.);
  • The categories of persons authorised to access your data (i.e. the recipients of your data);
  • Where we intend to transfer your data outside of the European Union, we put in place guarantees and inform you of these guarantees ensuring the compliance of these transfers with the French data protection regulations (Informatique et Libertés);
  • The data retention periods or, where this is not possible, the criteria used to determine such periods;
  • And more generally all the information required by the French data protection regulations (Informatique et Libertés).

We retain your data only for the time required to complete the operations for which such data has been collected and in accordance with the regulations. We subsequently delete the personal data, expect where we need to retain such data until the expiry of the legally prescribed period as evidence for civil-law actions which may not exceed 5 years, or pursuant to legal data retention requirements.

The purposes and corresponding retention periods are:

PROCESSING 
Prospecting new customers

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
Cookies: maximum 13 months
Prospect info: 3 years from last contact from customer

PROCESSING 
Managing customer base (B2C)
Creation, management, deletion of customer accounts

LEGAL BASIS 
CONTRACT EXECUTION / LEGAL REQUIREMENT

RETENTION PERIOD (2)
Bank details: 13 months
Other data: 3 years from last contact from customer

PROCESSING 
Managing customer base (B2C)
Recovering incomplete accounts

LEGAL BASIS 
LEGITIMATE INTEREST

RETENTION PERIOD (2)
90 days

PROCESSING 
Profiling customer base
Targeted prospection

LEGAL BASIS 
CONTRACT EXECUTION

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Profiling customer base
Sponsorship

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Analytical activity management

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
13 months from data collection

PROCESSING 
Developing customer loyalty
Newsletter, competitions, notifications

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Developing customer loyalty
Free minutes scheme

LEGAL BASIS 
CONTRACT EXECUTION

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Managing user support

LEGAL BASIS 
CONTRACT EXECUTION

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Managing requests to exercise rights (1)

LEGAL BASIS 
LEGAL REQUIREMENT

RETENTION PERIOD (2)
Minimum 3 years from the request

PROCESSING 
Local authority reporting

LEGAL BASIS 
CONTRACT EXECUTION

RETENTION PERIOD (2)
Unlimited: Anonymous data

PROCESSING 
Customer studies

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
Length of the study. Anonymous data for the results

PROCESSING 
Accounting and payment

LEGAL BASIS 
CONTRACT EXECUTION / LEGAL REQUIREMENT

RETENTION PERIOD (2)
Statutory retention period for invoices: 10 years

PROCESSING 
Accounting and payment
Blocking of Users in default of payment

LEGAL BASIS 
LEGITIMATE INTEREST

RETENTION PERIOD (2)
Statutory retention period for invoices: 10 years

PROCESSING 
Provision of services via the Uber platform

LEGAL BASIS 
CONTRACT EXECUTION

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Organisation of scooter use training

LEGAL BASIS 
CONSENT

RETENTION PERIOD (2)
3 years from last contact from customer

PROCESSING 
Management of claims and thefts

LEGAL BASIS 
LEGITIMATE INTEREST

RETENTION PERIOD (2)
Until settlement of the claim

PROCESSING 
Management of fines

LEGAL BASIS 
LEGAL REQUIREMENT

RETENTION PERIOD (2)
2 years

 


PROCESSING


LEGAL BASIS


RETENTION PERIOD (2)

Prospecting new customers CONSENT Cookies: maximum 13 months
Prospect info: 3 years from last contact from customer

Managing customer base (B2C)
Creation, management, deletion of customer accounts

CONTRACT EXECUTION / LEGAL REQUIREMENT Bank details: 13 months
Other data: 3 years from last contact from customer
Managing customer base (B2C)
Recovering incomplete accounts
LEGITIMATE INTEREST 90 days
Profiling customer base
Targeted prospection
CONTRACT EXECUTION 3 years from last contact from customer
Profiling customer base
Sponsorship
CONSENT 3 years from last contact from customer
Analytical activity management CONSENT 13 months from data collection

Developing customer loyalty
Newsletter, competitions, notifications

CONSENT 3 years from last contact from customer
Developing customer loyalty
Free minutes scheme
CONTRACT EXECUTION 3 years from last contact from customer
Managing user support CONTRACT EXECUTION 3 years from last contact from customer
Managing requests to exercise rights (1) LEGAL REQUIREMENT Minimum 3 years from the request
Local authority reporting CONTRACT EXECUTION Unlimited: Anonymous data
Customer studies CONSENT Length of the study. Anonymous data for the results
Accounting and payment CONTRACT EXECUTION / LEGAL REQUIREMENT Statutory retention period for invoices: 10 years
Accounting and payment
Blocking of Users in default of payment
LEGITIMATE INTEREST Statutory retention period for invoices: 10 years
Provision of services via the Uber platform CONTRACT EXECUTION 3 years from last contact from customer
Organisation of scooter use training CONSENT 3 years from last contact from customer
Management of claims and thefts LEGITIMATE INTEREST Until settlement of the claim
Management of fines LEGAL REQUIREMENT 2 years

 

(1) Data retention for all requests: name, contact details, purpose and account history.
(2) The periods are indicated subject to additional legal requirements.

Data may be collected for other purposes for certain specific or temporary services. Where applicable, information about the said processing will be provided in a specific document when this Data is collected.

Who are the recipients of your Data?

The recipients of the data are:

  • Cityscoot, its subsidiaries, affiliated companies and, in particular, the departments involved in the processing of your registration and our customer services department;
  • our service providers and sub-contractors, in particular for the purposes of processing your payments or authenticating your documents;
  • our insurance company (and/or our brokerage firm) in the event of claims and thefts;
  • the competent police authorities, in the event of an offence;
  • the municipal authorities, for the purposes of improving transport services;
  • generally, the competent authorities, upon request only, in order to meet legal requirements.

If you access our Services via your Uber account:

  • Uber, in order that it may invoice you for the use of our Services and that you may consult your journey history (points of departure/arrival points and duration of use of the service) via your Uber account.

 

Transfers of data outside the EU

Cityscoot may use a file sharing and storage service and a rights management service for which the servers or systems may be located outside the European Economic Area (EEA), resulting in the transfer of Data outside the territory of the EEA.

These transfers are subject to  appropriate guarantees for maintaining the confidentiality, integrity and security of the Data in accordance with the French data protection regulations (Informatique et Libertés). You can obtain a copy of the protection guarantees by contacting the data controller via email ([email protected]) or from our data protection officer at the following address: [email protected].

 

Information from Cookies and similar technologies may be transferred outside the European Union with a view to its storage or processing in relation to audience measurement or publicity purposes. More information on this matter for each partner involved is provided in the Cookies Policy.

 

Is your data secure?

We undertake to take all necessary precautions and all appropriate technical and organisational measures in order to safeguard the security, integrity and confidentiality of the Data and, in particular, to ensure that said Data is not altered, modified or deleted and that no unauthorised third party has access to it.

We have taken the following measures in particular:

  • We use encryption systems to guarantee the security of your personal data when said data is transferred;
  • Access to the network and systems is restricted to authorised staff with access rights;
  • Users have unique passwords (password management ensuring strong passwords and two-step authentication);

However, we cannot guarantee that all risks of improper use of the Data will be removed. It is important that you maintain your login data confidential in order to prevent unauthorised use of your account.

 

What are your rights?

In accordance with the French data protection regulations (Informatique et Libertés), and subject to payment of all amounts owed as specified in the General Terms of Use of our services, you may withdraw the consent that you have previously given when registering for our services at any time.

You may access and obtain a copy of the data concerning you, have said data rectified, under certain conditions object to its processing or have it deleted.

You also have the right to restrict the processing of your Data and the transfer of said data to third parties.

Lastly, you are entitled to establish guidelines relating to the use of your Personal Data after your death.

For further information: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles  

 

Exercising your rights

These rights may be exercised at any time, through Cityscoot, by means of an ID document provided via email to: [email protected].

 

Claim via the CNIL

If, after having contacted us, you believe that your rights regarding your data have not been respected, you may file a claim with the CNIL.