EN
ES
Sign In
Last Updated on June 15, 2024

Privacy Policy

Introduction

Welcome to BikesBay.Cloud, a comprehensive Software as a Service (SaaS) solution, hereinafter referred to as the System, for companies engaged in the rental of vehicles, including cars and motorcycles. The System offers tools for managing bookings, maintaining vehicle and client records, analyzing financial metrics, tracking GPS coordinates of equipment, and much more, while ensuring the secure storage of clients' personal data and enabling data-driven decision-making.

As a data processor, the System Owner strictly adheres to the General Data Protection Regulation (GDPR), underscoring my commitment to the protection of personal data and confidentiality at all levels of service usage. This Privacy Policy is designed to help you understand how your data is collected, used, and protected.

Definitions

System Owner — an individual or legal entity managing this service and responsible for complying with data protection and confidentiality principles according to GDPR and other applicable data protection laws.

System User — a company or sole proprietor who uses our System to manage their vehicle rental business, including, but not limited to, cars and motorcycles. They register in the System, creating accounts to access and use the system’s functionalities for their commercial purposes.

Rental Client — an individual who rents a vehicle from our System User. This data includes information necessary for processing the rental, such as name, contact details, and payment information.

Personal Data — information about identifiable individuals that System Users and their employees may enter into the System. Such information can include the name, surname, email address, and phone number of rental clients. System Users may also add additional data, including document scans, at their discretion. The introduction of any personal data occurs at the System Users' discretion, based on their business needs and the requirements of servicing Rental Clients.

Data Processing — the execution of operations on personal data, including collection, recording, organization, structuring, storage, adaptation, or alteration, as well as using data to create reports, search, and other processes within the system. All these operations are performed by the system without access or data transfer to third parties.

Data Processor — a physical or legal entity that processes personal data on behalf of the controller. In this context, the System Owner and the company Hetzner, which provides server infrastructure, act as data processors, ensuring compliance with GDPR requirements and the protection of stored data.

Data Controller — a physical or legal entity, such as a vehicle rental company (System User), that uses my System to automate business processes, including managing bookings and client data. The System User and their employees independently determine the purposes and means of data processing while complying with data protection legislation.

Collection and Use of Information

  1. Types of Data Collected by the System:

    • System User Data at Registration: Company name (required), username (any set of characters), automatically generated password (with the option to change to a personal one), required fields for email and user name, and an optional phone number.
    • Rental Client Data: Name, surname, contact details (phone number or email), passport or driver's license number, document scans (entered at the System Users' discretion), as well as a detailed booking history including the type of transport, price, and rental terms.

  2. Purposes for Data Collection and Use:

    • Account and Booking Management: Ensuring access and functionality of accounts, managing bookings.
    • Identification and History of Rental Clients: Collecting data on Rental Clients for the purpose of identifying their repeat visits, analyzing interaction history to provide quality service, and preventing potential problems.
    • Client Base Analysis: Using data to analyze demographic characteristics and preferences of Rental Clients, improving marketing strategies and service.
    • Security: Protecting data within the system from unauthorized access and other threats.
    • Compliance with Legislation: Ensuring that the system's actions comply with data protection laws.
    • Communications: System Users communicating with their Rental Clients regarding their bookings and inquiries.

Responsibility for Misconduct by System User Employees

The System Owner provides tools for managing the personal data of Rental Clients in accordance with data protection legislation. A System User, acting as a data controller, bears full responsibility for adhering to data protection procedures for their clients. The System Owner is not responsible for any actions by employees of a System User who may use the data for illegal or unethical purposes.

A System User is required to ensure that all their employees who have access to personal data comply with established standards of confidentiality and data security. In the event of a data breach caused by the actions of a System User's employee, the responsibility for resolving the consequences of such a breach, including legal and financial consequences, lies entirely with the System User.

Data Subject Rights

System Users, as well as Rental Clients, have the following rights in accordance with GDPR:

  • The Right to Access (Article 15 GDPR): A Rental Client has the right to request confirmation that their personal data is being processed in our System. Due to technical limitations of the System, direct access to the complete data is not provided. A Rental Client can receive confirmation that their data is being processed, but direct access to the electronic record of data through the System is not possible. All requests for information must be directed specifically to the System User from whom the vehicle was rented, and must be accompanied by appropriate identity verification measures, described in the section "Verification of Rental Client Requests”.
  • The Right to Rectification (Article 16 GDPR): Rental Clients may request the rectification of inaccurate data through the System User who manages their data.
  • The Right to Erasure (Article 17 GDPR, "Right to be Forgotten"): Rental Clients may request the deletion of their data, providing proof of their identity in a similar manner as described in the "Right to Access". Requests are processed within 30 days. System Users can also delete their data themselves through the mobile application. When an account is deleted, all associated Personal Data will be permanently deleted within 24 hours. Data associated with the business, such as bookings, expenses, documents, and sub-accounts, will remain in the System if the account is deleted by a Manager. If the account is deleted by a Business Owner, all associated data, including sub-accounts, will be deleted.

Verification of Rental Client Requests

Rental Clients can make requests to modify or delete their data, as well as to confirm that their data is being processed, in the following ways:

  • Email: Rental Clients can send requests directly to the System User via the email address provided to them for communication during the rental service process. This address is used for all official requests related to personal data.
  • In Person: Rental Clients can also visit the office of the System User in person to submit their requests.
  • Verification Procedure: If the request is submitted from an unregistered email address or if additional identity confirmation is required, the Rental Client must provide a photograph of themselves holding an open identity document (passport or driver's license) next to their face. The document number, surname, and year of birth must be clearly visible on the photograph. After processing the request, the System User is obligated to delete the provided photograph to comply with privacy policies.

Important Note: Due to technical limitations of the System, direct access to full data is not provided to the Rental Client. A Rental Client may request confirmation that their personal data is being processed, but for additional information or to modify these data, it is necessary to directly contact the System User from whom they rented the vehicle.

Data Transfer

  • Transfer of Data to Third Parties: Personal data of Rental Clients are processed solely within the scope of the provided services and are not transferred to third parties without explicit consent, except in cases required by law. The role of the System Owner is to provide the technical means for data processing, while decisions about data transfer are made by the System Users.
  • International Data Transfer: Personal data may be processed on servers in Germany, provided by Hetzner, which acts as a data processor alongside the System Owner. Both data processors operate in accordance with GDPR standards, ensuring a high level of data protection. For the transfer of personal data outside the European Union, we use standard contractual clauses approved by the European Commission, in accordance with Article 46 GDPR. This ensures compliance with the requirements of the General Data Protection Regulation and guarantees the protection of your data when transferred to countries that do not provide a similar level of data protection.

Data Security

The following measures are taken to ensure data security:

  • Encrypted Storage: Users' personal data are stored on encrypted disks.
  • Activity Audit: All data access requests by users are logged and stored in log files.
  • Daily Data Backup: Data are backed up daily to an encrypted storage.
  • Secure Access: Access to user data is only possible through secure TLS (SSL) connections.
  • Firewall Protection: All requests for access to user data go through a firewall.

These measures help ensure a high level of protection for users' personal data.

If you have any questions regarding the security of your data, you can contact the data administrator at the following email address: [email protected]. This address is intended for inquiries related to the protection and processing of personal information.

Use of Cookies and Similar Technologies

The System Owner uses cookies exclusively to ensure the functionality of the System. These cookies are necessary for maintaining user sessions and saving language preferences for the interface. The use of cookies is critical for the operation of the System's services, as without them, the System would not be able to function correctly. The System Owner does not use cookies for analytics or marketing, and disabling cookies may disrupt the functionality of the website or application.

Links to Other Websites

Within the BikesBay.Cloud System, which includes a website and a mobile application, System Users may insert links to external sites as part of their activities, such as in comments on bookings. These links are accessible only to System Users and their employees and are not visible to other users. We do not control and are not responsible for the content or privacy policies of these external sites.

Changes to the Privacy Policy

The System Owner reserves the right to update the privacy policy as necessary to reflect changes in data processing practices or in accordance with legislative changes. All changes will be published on this page with the date of the latest update noted. The System Owner recommends that system users regularly review this privacy policy to stay informed of any changes. Significant changes are defined as any changes that significantly affect users' rights or the processing of their personal data. In such cases, the System Owner will provide additional notification via email.

Contact Information

If you have any questions or suggestions regarding this privacy policy, please contact us via email at: [email protected]

We are committed to ensuring the confidentiality and security of your data and are ready to answer any questions you may have regarding the processing of personal information.

Terms of Service Privacy Policy Data Processing Addendum
Changelog About BikesBay
© 2024 BikesBay.Cloud. All rights reserved.