Clear Channel Privacy Statement relating to the "bikeMi" Bicycle Sharing System
Clear Channel Italia (“we,” “us,” or “our”) takes your privacy very seriously and will collect and process your Personal Data in a secure manner. In order to protect your privacy, Clear Channel Italia acts in accordance with EU Data Protection Law, namely the General Data Protection Regulation 2016. Before you agree with this Clear Channel Italia Privacy Notice, we recommend you read it carefully. (This notice covers personal data processed by bikeMi. For information on other personal data Clear Channel may process, please see the Clear Channel Privacy and Cookies Notice on clearchannel.it).
This Clear Channel Italia Privacy Notice (“Notice”) applies to you, as a Smart Bike or Bike Scheme User (“User”); it explains to you as the Data Subject what Personal Data we process and how, when and why it is processed. It also explains your rights in relation to the processing of your Personal Data and how you may exercise those rights.
bikeMi has its registered office at Viale Regina Margherita 42 - Roma, company registration no 12710340154.
This Notice informs you of our practices with respect to the collection, use and disclosure of Personal Data which you provide to us via our Platforms, or from third party applications we have engaged to make the Service work effectively.
It also describes your data protection rights, including a right to object to some of the processing which Clear Channel carries out. More information about your rights, and how to exercise them, is set out in the “Your Rights” section.
“Personal Data” means personal information that identifies you as an individual or relates to an identifiable individual as defined under applicable European legislation (and in particular, the European General Data Protection Regulation).
This Notice informs you of our practices from 25 May 2018 with respect to the collection, use and disclosure of Personal Data which you provide to us.
We collect this information in order to make all functionalities of the Service available to you, namely:
to verify and process your order;
to keep you posted on the progress of your order;
answer your question when you contact us;
to assist in retrieving a lost or stolen bike and administer support in an accident or incident.
We also use the Personal Data to personalise our Platforms for you and improve your user experience to:
adapt and enhance our Platforms;
provide customer services;
process and administer subject access requests to data; and
resolve complaints (this may include verifying your personal details or having them verified by a third party if this is necessary in order to deliver personal services).
We do this because you have registered to use bikeMi and the legal basis upon which we rely to process this data is:
to fulfil the obligations of a legal contract which you enter into when you engage the Services; and
In our legitimate business interests and that of that of the city of Antwerp in connection with our agreement with them, where we manage bicycle furniture on behalf of the city of Antwerp. Under this agreement we may provide information about you to our support department and bike recovery team; in order to prevent fraud; communicate with you about delivery times, services and other updates and for statistical purposes where data will be anonymised.
Where we are required to do so by law, in our legitimate interests or where we need to protect your interests or someone else’s interests; we may share your details with local enforcement agencies, including the police, and to any competent judicial or administrative authority.
Specifically, we may use the Platforms to collect the following Personal Data at the specified times and for these reasons (in brackets):
your first and second name when you first register with us (to identifyyou in order to operate the Service);
gender when you first register with us (to identifyyou in order to properly address you and for our statistical purposes);
name and contact details of parents or guardians of child bikeusers (in order to communicate with those contacts, verify the order, keep the parents updated of and provide important communication on the progress of the order and sendparents information they might be interestedin);
email address when you first register with us, (in order to identify you, verify your order, keep you updated of and provide important communication on the progress of your order and sendyou information you might be interestedin);
billing and postal address when you first register with us, (to identify you, verify credit card details and process yourorder);
contact number when you first register with us and at any other point of the transaction, (to identify you, update you and communicate withyou).
payment information, when you first register with us and at any other point of your subscription (to complete yourorder);
encrypted credit card data when you first register with us and at any other point of your subscription (to complete your order);Direct debit details and mandate when you first register with us and at any other point of your subscription, (to complete your order);
recorded calls when you contact our customer care team (for internal training purposes and to solve usercomplaints);
time stamps from calls and bike stations, including date and time, when you contactour customer care team or collect and return a bike, (to monitor calls for training purposes, to monitor duration of use, track the security of our bikes and to prevent unauthoriseduse);
secure login details if you register for our Platforms (to access secure or otherwise restricted parts ofour Platforms e.g. to access your customer account, marketing preferences controlpanel securely);
twitter handle when you contact our customer care team (so we can respond back to you);
In some circumstances, we may request additional Personal Data to help us to provide you with the most appropriate response – and that use of Personal Data is as provided for in the Privacy and Cookies Notice If you do not provide Personal Data allowing us to process your use of the Service where requested, your access to the Service, or our ability to assist you, may be restricted.
To make your experience of using bikeMi useful, we may rely on our legitimate business interest and use your email address to inform you about the development of Platforms, special offers and promotions. We may share your contact details with our partners of the smart bike/bike scheme upon explicit consent. If you no longer wish to receive this information, you can unsubscribe using the information provided below under “Opt-Out of Marketing and Promotions”.
You have the right to opt out of receiving direct Marketing and Promotions communications by:
clicking on the relevant ‘unsubscribe’ link in theemail;
contacting us at email@example.com
changing your marketing preferences on bikeMi
letting us know at the time that you provide your PersonalData.
If you withdraw, where it has been provided, your consent to receive any further Marketing and Promotions communications from us, we will not contact you further for the purpose of direct marketing. This will not prevent you from using any of bikeMi Platforms.
If you have any queries or complaints about how we have handled your Personal Data, please contact our Privacy Office firstname.lastname@example.org.
We will not ask for your Sensitive Personal Data except in the event we have to report a matter to the legal authorities.
Sensitive or “Special Category” Personal Data means Personal Data which may relate to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. Where you do provide Sensitive Personal Data, we will keep it secure and for a proportionate amount of time, and only use that information in connection with the purpose for which it has been provided.
Our Platforms are not intended to target children under the age of 16. We will not knowingly process their Personal Data via our Platforms. We may process Personal Data of children aged 16 to 18 years old who are bike users, with parental or guardian consent only.
Under the European General Data Protection Regulation and other applicable legislation, you have rights over your Personal Data which include those listed below. To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below.
If you advise us that your Personal Data is no longer accurate, we will amend or update it (where practical and lawful to do so). You can tell us about any inaccurate data by contacting our customer support team email@example.com or update it yourself on the customer portal.
Where permitted by law, you may have the right to contact us to request a copy of Personal Data that we hold about you. Before responding to your request we may ask you to (i) verify your identity and
provide further details so we can better respond to your request.
These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping that Personal Data. Relevant exemptions are included in both the GDPR and in local Data Protection legislation. We will inform you of relevant exemptions we rely upon when responding to any request you make.
You may also request from us to transfer your data to another entity. If you wish to exercise this right, please contact the customer support team firstname.lastname@example.org
If you require further information on your rights or our use of your Personal Data, please contact us at info@bikemi. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
You can ask us to delete or restrict processing of your Personal Data in some circumstances such as where we no longer need it, or you withdraw your consent (if we rely on consent for processing). We might be required to store some or all of your data to fulfil our legal reasons. If we’ve shared it with others, where possible, we’ll let them know about the erasure. If you wish to exercise this right, please contact the customer support team email@example.com
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time.If, at any time, you have consented to us processing your Personal Data in the circumstances or purposes described above, and you no longer wish to have your Personal Data processed in this way, you may unsubscribe by contacting our dedicated customer support team firstname.lastname@example.org
You have the right not to be subject to a decision when it’s based solely on automated processing orprofiling which produces a legal or similarly significant effect on you. We only carry out this type of decision-making where the decision is necessary for the entry intoorperformanceofacontract;orauthorisedbyUnionorMemberstatelawapplicabletous;or based on your explicit consent.
Right to Portability
You can ask us to provide you with your personal data (that you provided to us or that we observed through your activities on our Platforms) in a commonly used and machine-readable format to send it to another controller.
Right to Object
You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing if we are not relying on your consent).
Your Personal Data (and commercial information) will be kept as confidential and as secure as possible. We employ appropriate technical and organisational measures consistent with our legal obligations and standard industry practice. Further, as required by the GDPR, we follow strict security procedures in the storage and disclosure of Personal Data which you have given to us, to prevent unauthorised access as far as reasonably possible.
We use industry standard practices to safeguard the confidentiality of your Personal Data, including “firewalls” and Secure Socket Layers, including compliance with the Payment Card Industry Data Security Standard. We treat your Personal Data as an asset that must be protected against loss, alteration, destruction and unauthorized access and which our employees and representatives must keep confidential, and we use many different security techniques to protect your Personal Data from unauthorized access by users’ inside and outside of bikeMi. We also use internal protections to limit access to users’ Personal Data to only those employees or representatives who need the Personal Data to perform a specific function. It is impossible to guarantee security, but we commit to taking appropriate action in the event of a breach.
We will inform you, as long as it is reasonable to do so, if your Personal Data has been breached.
We transfer your personal data where we use third party service providers (as more fully described in this section below) to help us process Personal Data for the purposes described in this Notice, these will include customer management and intelligence solution providers, aggregated data analytics partners, web hosting facilities, audit and compliance partners.
We may receive and send information about you, including your Personal Data, if you use any of our Platforms to our partners or sub-contractors (Data Processors) in technical, payment, identity verification and delivery services, analytics providers or credit reference agencies;
We only share your Personal Data with third parties in the following cases:
Where it is necessary to involve a third party service provider, for the performance of our contract with you in order to provide the Service (e.g. a payment processor when we charge you fees in relation to the Service);
On the grounds of our legitimate business interests,namely:
As part of the booking process, we may use multiple IT applications to providethe Service toyou.
With a service provider engaged in maintenance of ourplatforms;
We use analytics and search engine providers to assist us in the improvementand optimisation of ourPlatforms.
We may also disclose your information if required to do so by law or in a good faith belief that such access, preservation or disclosure is reasonably necessary to (i) respond to claims asserted against us (ii) to comply with legal proceedings, (iii) to enforce any agreement with our users such as our Terms and Conditions and our Privacy Notice, (iv) in the event of an emergency involving the danger of public health, death or physical injury to a person (v) in the framework of investigation or (vi) to protect the rights, property or personal safety of bikeMi employees andrepresentatives.
If you require further information on our Third Party processors you can contact us at email@example.com.
Non-European countries may have data protection laws that are less protective than the legislation where you live. Where this is the case (such as the United States), our transfers of Personal Data will be regulated by standard contractual clauses relating to the transfer of Personal Data outside of the European Union (or outside of jurisdictions deemed “adequate” for data privacy by the European Union). We will not transfer your data outside of the European Union for any other reason than described in this Notice, unless we are required to do so by operation of law.
If bikeMi or its assets are sold to or merge with another entity you should expect that some or all of the Personal Data collected by us may be transferred to the buyer/surviving company.
If you have provided us with Personal Data, your Personal Data will be retained for the duration of your relationship with us to fulfil the purposes for which we collected it. This includes, the length of time required to satisfy any legal, regulatory, accounting and reporting requirements , and toprocess personal information on you in order to establish or defend legal claims (and we or our third party data processors will amend or dispose of your Personal Data at the end of the relevant retention period).
In determining the appropriate retention period we consider the purpose for which we process your Personal Data, the volume, type and context of the Personal Data, local legal requirements, the risk of harm to the data protection rights of the individual and whether the purpose for processing Personal Data can be established through an alternative method.
For further information regarding the specific retention periods we apply to your Personal Data please contact us at [update to contact details of Smart Bike Scheme].
What Cookies we and third parties use, why are they used, and how they impact you
A cookie is a small text file, typically of letters and numbers (with an ID tag), which may be placed on your computer or mobile when you access our Platforms. Cookies generally allow a website to recognise your device and browsing activity if you return to it, or if you visit another website which recognises the same cookies.
Different cookies perform different functions. Necessary cookieshelp you navigate through pages, “storing preferences” information and functionality cookies generally make the website easier to use. They exist just for the life of your current visit whilst you have your browser open. They are not stored on your hard disk and are erased when you exit your web browser.
Others, such as targeting and advertising cookies, identify products, goods or services you may be interested in and are used to provide you with tailored advertising and performance cookies help us collect aggregated information on how people use our Platforms.
When you visit our Platforms we request your consent for the non-necessary cookies to be placed on your device. To opt out of cookies, please see details below.
Social media sites such as Twitter, Google, Facebook, and LinkedIn may collect information about your internet activity. They may record if you visit our Platforms and the specific pages you are on if you are logged into their services, even if you don’t click on the button. Where this happens, we may be joint controllers with the social media site over the data transmitted to them from our website. However they will be a separate controller for any subsequent use of your Personal Data. You can exercise your rights in relation to jointly controlled Personal Data against either us or the social media partner.
For their subsequent use you should check the privacy and cookies policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
There are a number of ways you can manually manage cookies on your computer/device. Read more on the About Cookies website.
If you access the Internet from more than one computer/device it is important to ensure each browser is configured to suit your cookie preferences.
If you wish to block all cookies all the time you can set your browser to do this. It is important to note that blocking cookies may result in some parts of our site not working properly. This may affect your browsing experience.
Our Platforms respect a DNT:1 signal as a valid browser setting communicating your preference.
If you choose to disable cookies, please be aware that some parts of our Platforms may not work properly and it is likely that your Platform usage won’t be counted and measured as described above, so we won’t be able to take your actions into account when analysing data or when seeking to improve our service based on that analysis.
Should you wish to make any comments, complaints, enquiries or if you have any questions relating to this Notice, your rights, the Platform, our Marketing and Promotion materials or Services we provide, you may contact the Clear Channel Chief Data Privacy Officer by emailing or writing to the PrivacyOffice:
The Chief Data Privacy Officer Privacy Office
Clear Channel International 33 Golden Square
London, UK W1F 9JT
You may also contact the local Data Protection Authority where you live, work or believe the breach has happened. You may contact them here www.garanteprivacy.it.
This Notice is subject to periodic review to ensure it is in line with applicable legislation. We retain all applicable ownership rights to information we collect. We reserve the right to change, modify, add or remove provisions of this Notice. Any changes to this Notice will be posted here, and we encourage you to check back from time to time. If the changes are substantial, we will notify the changes to you.