PRIVACY NOTICE – Application

SUMMARY: 2-MINUTE-READ

We take our obligation to protect your privacy seriously!

That is why we provide you with this 2-minute summary, containing the necessary information on how we process your Personal Data.

What you should know:

First of all : you always remain in control of your data.

To whom does this Privacy Notice apply?

This notice applies to any individual whose Personal Data we may collect, use or otherwise process during their use of our web-based Application

What information do we collect about you?

  • Your account data;
  • Your bicycle data;
  • Information about how you make use of our Application.

Why do we collect this information?

  • To provide you access to our web-based Application via a personal user profile and account;
  • To provide our services;
  • To improve our services, providing technical support and ensuring the functionality and security of our Application.

Who has access to your data?

  • Only the relevant part of our team has access to the information you provide us with.
  • Furthermore, we use some suppliers and service providers, such as but not limited to computer security, digital solutions and web hosting services. These parties are legally obliged to ensure your privacy at all times, and will only process data in accordance with our purposes.
  • Finally, we may commission a third party to process your data. However, they can only do this for aforementioned purposes and upon our instructions and signature of a data processing agreement.

What do you control?

At any moment, you can request to modify, erase or get a copy of your data. To do so, we kindly request you to follow the procedure as described in our full Privacy Notice under Article 5.7.

What do we do to protect your data?

  • We adopted appropriate safety measures on a technical and an organizational level.
  • Your data is stored on high-security servers within the European Union.
  • In order to improve our web-based Application and ensure its safety, Velopass may need to use the data you have provided us. However, at all times, Velopass shall use this data in a GDPR-compliant manner, using state of the art software and solutions.
  • We have implemented internal procedures to ensure the confidentiality of our IT-infrastructure and to make sure it is managed responsibly.

If you want to know more: we invite you to read our entire Privacy Notice below, which explains everything in further detail.

 

PRIVACY NOTICE 

Application

Velopass makes it a matter of utmost importance to respect the privacy of the users of its Application. We are committed to treat your Personal Data with the strictest confidentiality, in accordance with the applicable data protection legislation and the present Privacy Notice (hereinafter the “Privacy Notice”).

This Privacy Notice is intended to inform you, in a transparent manner, about the Personal Data we collect, the purpose for collecting it, the way we use it and the rights you have regarding the processing of such Personal Data.

You are not obliged to provide us your Personal Data, however understand that in some cases, if you refuse to provide us certain Personal Data, we will not be able to provide the requested services or provide you the requested information.

Velopass reserves the right to change, modify and update this Privacy Notice from time to time by posting a revised version in the application. Therefore, we advise you to regularly review this Privacy Notice to stay informed about the latest changes.

If you have any other questions, please do not hesitate to contact us at the following e-mail address: support@velopass.com.

 

ARTICLE 1 – GENERAL 

  1. Velopass BV, (hereinafter “we”, “us”, “our” or “Velopass”), with registered office at Stokerijstraat 29 (box a1), 2110 Wijnegem, Belgium and registered with the Crossroads Bank for Enterprises under enterprise number 0777.359.681, assumes responsibility for the processing of your Personal Data as “Controller“, including the use of the web-based Application (hereinafter “Application”)
  2. In our Privacy Notice, “Personal Data” shall mean any information relating to you as an identified or identifiable natural person and user of the Application
  3. Velopass processes Personal Data in accordance with the applicable legislation, and, in particular, in accordance with:
  1. the EU Regulation of 2016 concerning the protection of individuals with regards to the processing of personal data, regarding the free movement of such data and repealing Directive 95/46/EC; (hereinafter “GDPR”); and/or
  2. all (future) Belgian applicable laws regarding the implementation of the GDPR or regarding the processing of Personal Data.
  1. Accessing or using our Application implies your full and unreserved understanding of this Privacy Notice. This means that you are fully informed about how we collect, use and process your Personal Data, in accordance with the provisions of this Privacy Notice and for the purposes outlined therein.

 

ARTICLE 2 – WHAT PERSONAL DATA DOES VELOPASS COLLECT

For the purposes outlined in Article 3, Velopass might process the following categories of your Personal Data as a user of our Application:

Data Category Details Context
Category 1

Account data

  • First & last Name
  • E-mail address
  • Password hash
  • Phone number
  • Single sign-on (SSO) data related to your Facebook, Google, Microsoft or Apple account (optional)
  • Address (optional)
  • Photo (optional)
Your account data will be processed when you log into our Application for the first time to create your personal user profile.

Optional account data will be processed if you decide to add such data to your personal user profile or if you decide to log in via one of the available SSO mechanisms.

Category 2

Bicycle data

(insofar it comprises Personal Data)

  • Velopass smart frame number
  • Bicycle brand
  • Color scheme
  • Frame number
  • Model (optional)
  • Type (optional)
  • Year of production (optional)
  • Gender (optional)
  • (Selling) price and “for sale” status (optional)
  • Wheel size (optional)
  • Brand of lock (optional)
  • Key number (optional)
  • Frame material & height (optional)
  • Brake type (optional)
  • Drive train (optional)
  • Type of gears & acceleration (optional)
  • Amount of gears (optional)
  • Photos or other bicycle related documentation (optional)
Your bicycle data will be processed during your use of the Application to provide you our services.

Optional bicycle data will be processed when you decide to add it to your registered bicycle in the Application.

Category 3

Information about your usage of the Application

Information related to your use of the Application, such as:

  • Features and functionalities used
  • Technical (device-related) information
  • Feedback
Information about your usage of the Application will be processed when you make use of the Application.

 

ARTICLE 3 – THE LEGAL BASES AND PURPOSES OF DATA PROCESSING

We only process your Personal Data when we have a specific purpose and lawful basis to do so. Furthermore, we only process what is relevant for the pursuit of each specific purpose, in particular:

3.1 General purposes

Data Legal basis Purpose
Category 1

Account data

Necessary for the performance of a contract

(Art. 6.1, b) GDPR)

We may process your account data set out in Category 1 to create your personal user profile, in accordance with the Terms of Use of the Application.
Your consent

(Art. 6.1, a) GDPR)

If you choose to add additional account data to your personal user profile, as set out in Category 1, its processing will be based on your consent.
Category 2

Bicycle data

(insofar it comprises Personal Data)

Necessary for the performance of a contract

(Art. 6.1, b) GDPR)

We may process your bicycle data set out in Category 2 to provide you our services, in accordance with the Terms of Use of the Application.
Your (explicit) consent

(Art. 6.1, a) GDPR or art. 9.2, a) GDPR)

If you choose to add additional bicycle data to your registered bicycle, as set out in Category 2, its processing will be based on your consent. For any optional bicycle data falling under special categories of Personal Data as described in Article 9 of the GDPR, processing will be based on your explicit consent.
Category 3

Information about your usage of the Application

Our legitimate interests

(Art. 6.1, f) GDPR)

We may process information about your usage of our Application set out in Category 3 to pursue our legitimate interests of improving our services, providing technical support and ensuring the functionality and security of the Application.

3.2 Direct Marketing

If we have obtained your electronic contact details in the context of providing our services, we may use your electronic contact details to send you, via e-mail, promotional material regarding similar services we may offer. This is based on our legitimate interest.

Other promotional material, concerning non-similar services we may offer, will only be sent to you if you have given us your prior consent to do so.

We may also transfer some of your Personal Data to our data processors, for direct marketing purposes relating to our services.

We will at all times offer you a GDPR-compliant way to opt out of receiving such emails at any time, free of charge and without motivation, for example by clicking the unsubscribe button at the end of every promotional email or by sending an email to support@velopass.com.

3.3 Transfer to third parties

We treat your Personal Data as confidential information and will not disclose or communicate them to third parties under any condition or for any purpose other than those specified in this Privacy Notice, or under the conditions in which the law requires us to do so.

Notwithstanding the above, we may disclose your Personal Data to third parties to the extent that this is necessary to be able to carry out our business activities, including but not limited to suppliers and service providers that offer services related to IT-support, hosting, computer security or other specific services. In any case, these third parties will not disclose your Personal Data to other third parties, except in the following situations:

  • the communication of your Personal Data by such third parties to their suppliers or subcontractors is necessary to be able to carry out our business activities;
  • such third parties are obliged by applicable law or regulations to communicate certain information or documents to the competent authorities.

Furthermore, we may share your bicycle data set out in Category 2 with bicycle stores who have partnered themselves with Velopass. Your Personal Data will only be shared however, once you have registered yourself in our Application after having been granted access to the Application by the bicycle store in question.

Finally, we may share your Personal Data set out in Category 1 and/or Category 2 with other bicycle professionals who have partnered themselves with Velopass. However, your Personal Data will only be shared with them upon obtaining your (explicit) consent.

We will not sell or hire out your Personal Data to third parties, except in the situations described in this Privacy Notice or unless you explicitly provide your prior consent.

In the event of total or partial reorganization of Velopass, transfer of Velopass’s activities or in the event of Velopass being declared bankrupt, your Personal Data may be transferred to new entities or third parties. If reasonably possible, we will inform you in advance of the fact that Velopass transfers your Personal Data to such third parties.

3.4 Legal requirements

In extraordinary circumstances it may occur that we are obliged to transfer your Personal Data following a court order, or in order to comply with imperative laws and/or regulations. We will, if reasonably possible, try to inform you beforehand, unless revealing this information is subject to legal constraints.

 

Article 4 – THE DURATION OF THE PROCESSING

We will store your Personal Data for the duration necessary to achieve the purposes listed in Article 3 of this Privacy Notice, including for as long as this is necessary for the contractual relationship between you and Velopass.

We may also store your Personal Data in order to comply with applicable laws or as part of legal requirements, including storage obligations after the termination of the contractual relationship between you and Velopass. Therefore, the retention periods mentioned below shall not apply where we are legally obliged to store your Personal Data for shorter or longer periods of time, including by applicable statutes of limitation for invoicing, payment, accounting, tax and regulatory compliance.

Retention periods

Data Retention period
Category 1

Identification data

Your Personal Data contained in Category 1 will be retained for two (2) years after the deletion of your user profile (which indicates the end of our contractual relationship).
Category 2

Bicycle data

Your Personal Data contained in Category 2 will be retained for two (2) years after the deletion of your user profile (which indicates the end of our contractual relationship)
Category 3

Information about your usage of the Application

Your Personal Data contained in Category 3 will be retained for two (2) years after the deletion of your user profile (which indicates the end of our contractual relationship).

 

ARTICLE 5 – YOUR RIGHTS

5.1 Right of access and right to obtain a copy

At any time, you have the right to request access to your Personal Data, as well as to be informed about the purpose of the processing.

5.2 Right to rectification, erasure or restriction

You always have the right to ask to rectify your Personal Data when you think it is inaccurate.

You can also request the processing of your Personal Data to be restricted if you think that your data is inaccurate, and you subsequently have made notification of this.

In addition, you have the right to ask to erase your Personal Data as far as it is not possible to anonymize it.

5.3 Right to object

You have the right to object to the processing of your Personal Data when you have and provide serious and legitimate reasons to do so.

You also have the right to object to the use of your Personal Data for direct marketing purposes. In such a case, you do not need to provide a specific reasoning for your objection.

5.4 Right to data portability

You have the right to obtain your Personal Data in a structured, commonly used format and/or to transfer this data to another data controller.

5.5 Right to withdraw consent

When the processing of your Personal Data is based on your prior (explicit) consent, you have the right to withdraw this consent at any time.

5.6 Automated decisions and profiling

You have the right to request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5.7 Exercising your rights

You can exercise your rights by contacting us with a copy of the essential parts of your ID, such as name and date of birth, as attachment:

Either through e-mail to: support@velopass.com

Or via ordinary mail to: Velopass BV, Stokerijstraat 29 (box a1), 2110 Wijnegem, Belgium.

5.8. Right to file a complaint:

You have the right to file a complaint with Velopass’s supervising Data Protection Authority:

Autorité de la protection des données – Gegevensbescherming Autoriteit (APD –  GBA)
Address: Drukpersstraat 35, 1000 Brussels, Belgium
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: contact@apd-gba.be

This is without prejudice to proceedings before the civil courts. If you are from an EU Member State other than Belgium, you may also file a complaint with your national data protection authority (a list of the data protection authority for each EU-member state can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en).

If you have suffered damage as a result of the processing of your Personal Data, you may file a claim for compensation.

 

ARTICLE 6 – SECURITY AND CONFIDENTIALITY

We have adopted safety measures which are suited on a technical, organizational and physical level to avoid the destruction, the loss, the forgery, the adjustment, the non-authorized access or the accidental disclosure of your Personal Data to a third party, as well as the non-authorized processing of these data.

Nevertheless, should these events still occur and affect your Personal Data, we will inform you of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.

We shall not be liable in any way for direct or indirect damages caused by a wrongful or improper use of the Personal Data by a third party.

At the same time, you also share responsibility for maintaining the privacy and security of the Application, for example: by not allowing any third party to have insight into your confidential information.

 

ARTICLE 7 – APPLICABLE LAW AND JURISDICTION

This Privacy Notice is managed, interpreted and executed in accordance with Belgian law which exclusively applies to every potential dispute.

The courts of Antwerp have exclusive jurisdiction to settle any dispute arising out of or in connection to the interpretation or execution of the present Privacy Notice.

My bike
in my name