Privacy policy

Updated on : 10 August 2023

CONFIDENTIALITY POLICY


 

Effective date: 19 December 2022

We carefully protect your personal data.

Citybike Méditerranée, a simplified joint-stock company with €1,000 in capital and a registered address of 10, place de la Joliette - 13002 MARSEILLE (France), registered with the Corporate and Trade Register of Marseille under the number 915 337 653 (“we” and “our”), undertakes to respect the privacy and applicable laws on data protection with regard to users (“you” and “your”) of its service (the “Service”, as more precisely defined in the article “Definitions”).
This confidentiality declaration (the “Declaration”) describes our method for collecting and using personal data in the scope of your use of the Service, the website (the “Website”) and your communication with us, as the joint data controller along with Métropole d’Aix Marseille Provence under the terms of European personal data protection regulations.
The software on your terminal may have access to your information. Our products or services may include links to other websites owned by companies with their own confidentiality notifications. We recommend you carefully read their confidentiality notifications.
This declaration only applies to the scope of the Service and the Website.
You are not required to communicate your personal data. Nonetheless, if you choose not to disclose them, we may not be able to provide our products or services or all of their features or answer your questions.


Definitions

  • We” or “our”: refers to the company Citybike Méditerranée as designated at the top of the Declaration.
     
  • Service”: refers to the self-service e-bike service proposed by Métropole d’Aix Marseille Provence as defined in the General Terms of Use of the levélo Service to which said service is subject and which forms an inseparable whole along with the Declaration.
     
  • levélo”: a trademark owned by Métropole d’Aix Marseille Provence.
     
  • the App”: refers to the program available for free download which may be used on smartphone and tablet operating systems (iOS or Android). They allow the Service User to find nearby bikes, unlock them, follow cyclist-adapted itineraries, as well as check the number of km travelled, subscribe to the Service, contact Customer Service and report incidents.


What data do we collect?


We collect your personal data and other information when you complete the various questionnaires online in the scope of your use of the Service and the Website or when you answer questions that are communicated by email, phone, the levélo app (“the App”) or through any other means of communication when you take part in a campaign, survey or interact with us. This includes the following cases:

  • Our applications may regularly contact our servers to verify whether there are any updates or to send us information concerning your use of the services, for example. Moreover, we may invite you to voluntarily join service enhancement or research programmes through which we collect detailed information such as your social-professional status, your gender or even your use of our services.
    Information you have provided us with: when creating an account as part of your use of the Service, request our services, participate in campaigns or surveys, or if you interact with us, we may ask you for information such as your name, email address, phone number, mailing address, user names and passwords, comments, information on your terminals, age, gender, language.
    We will also save your consent, your preferences and settings linked to localisation data, marketing and personal data sharing, for example.
  • Your transactions with us: we save a record of your purchases, downloads, the content you have provided us with, your requests, the agreements between you and us, the products and services we have offered you, the payment and delivery details as well as your interactions with us. Pursuant to applicable laws, we can record your communications with our customer service or any other point of contact.
    Positioning and localisation data: localisation services establish the latter when using positioning methods via satellite, mobile, Wi-Fi and other networks. These technologies may imply the sharing of your localisation data and unique mobile identification number, your login data for Wi-Fi or other networks with us. Our products may work with different platforms, applications and services which may also collect your positioning data. We do not use this information to identify you personally without your consent.
  • Your email address: we may process your email address if you have provided it to us via our Website.
    We also collect personal data through cookies and trackers on our Website and App. Please refer to the section “How do we use cookies and web trackers?” for more information.


Why do we process your personal data?


We may process your personal data to meet different needs:

  • To provide the Service: we may use your personal data to provide you with the Service, maintain it, to process your requests and, more generally, to perform the contract between us and you to guarantee the functioning and security of our products and our services and, particularly, the Service, to identify you in order to provide the Service as well as to be able to prevent fraud and other wrongful uses or investigate such matters.
  • To communicate with you: we may use your personal data to communicate with you to inform you that our services have changed or to send you alerts concerning our products and/or services and in order to contact you through our customer service, for example.
    Marketing, advertising and recommendations: we may contact you to inform you of new products or services, or promotions which may be offered to you after securing your consent or when such is allowed.
  • Anonymised statistics: we may aggregate GPS data on all users to provide statistics on travel habits which may be disclosed to our partners. This aggregate data shall be anonymised according to the conditions provided for by laws in effect on personal data protection.
    We use your personal data with your consent or when necessary for proper performance of the contractual relationship between us. We may also use your personal data when the law or our legitimate interest so requires, to protect our customers, to preserve the security of our products and services, as well as to protect our rights and our property, for example.


Do we share your personal data?


We do not sell, rent out or disclose your personal data to third parties except in the cases mentioned above.

  • Your consent and social network buttons: we may share your personal data if you have granted consent. Some of our products and services may allow you to share your personal data with social networks. We ask you to be vigilant and read the personal data protection policies for those social networks in order to precisely understand what information is collected by these sites as well as the purposes of the use of your data, particularly for advertising purposes.
  • Inurba group companies and authorised third parties: we can share your personal data with other companies in the Inurba group or authorised third parties, processing personal data on behalf of Citybike Méditerranée in accordance with the points indicated in this Declaration. This may include billing by your network operator or the delivery of personal batteries, offering services such as customer service, management and analysis of consumer data, surveys, sales management or others, for example.
  • We may conduct sales campaigns and other communication methods in collaboration with our authorised third-party partners. In order to prevent duplicate, useless communications and in order to send you a message adapted to your needs, we may have a need to compare the data collected by Citybike Méditerranée with the data collected by the partner when the law so allows.
  • These third parties authorised by Inurba are not authorised to use your personal data for any other purpose. We request they comply with this Declaration and personal data protection regulations in effect and to use appropriate security measures in order to protect your personal data.
  • International personal data transfers: our products and our services may be provided using resources and servers found in various countries all over the world. Your personal data may then be transferred beyond the borders of the country where you use our services including countries not located in the European Community, without laws providing specific personal data protection or with different data protection laws. In such cases, we take measures to ensure adequate protection of your personal data in accordance with applicable laws by using agreements approved by the pertinent authorities (i.e. the European Commission) and requiring the use of technical and organisational security measures associated with the information.
  • Mandatory disclosures: we may be required by law to disclose your personal data to certain authorities or third parties such as the police forces in the countries where we operate or third parties operate in our name. We may also disclose and process your personal data in accordance with applicable laws to defend our legitimate interests such as in the case of civil or criminal court proceedings.
  • Mergers and acquisitions: if we decide to sell, purchase, merge or reorganise our activities in certain countries, it may imply that we have disclosed your personal data to possible or current buyers and their advisors or received personal data from sellers and their advisors.


How is data quality approached?


We take all reasonable measures so the personal data we hold is updated and to delete any personal data that is known to be erroneous or unnecessary. We only save your personal data for the time necessary to fulfil the aims described in this Declaration or which have been communicated to you otherwise unless another longer period is required by law.


We encourage you to access your account to check your personal data from time to time in order to help us keep them updated.


What measures are taken to protect your personal data?


Confidentiality and security are of crucial importance in the way we create and provide our products and services. We have assigned specific responsibilities in order to respond to problems associated with security and confidentiality. We ensure respect for our internal policies and guidelines through selecting appropriate activities, particularly proactive management and response to risks, security and confidentiality engineering, training and evaluations. We take appropriate measures to handle online security, physical security, data loss and other risks by considering the risk represented by the processing and the type of data which are protected. We also restrict access to our databases containing personal data to only authorised personnel with a justified need to access such information.
 


How do we use cookies?


A cookie is a small text file containing data which is saved on a terminal (computer, tablet, smartphone...) when you browse a website. We use cookies, web trackers and other similar technologies to operate and enhance our Website and our App. 


Below is a list of cookies we use:

NamePurposeDuration

Domain/media

concerned

Session

Keep the user logged into their account

to ensure authenticated and secure

browsing.

7 dayslevelo.ampmetropole.fr/profile

How can you manage/delete these cookies?


All of the main Internet browsers allow you to manage the cookies installed on your computer or mobile device.


If you do not want our Website to place cookies on your computer or mobile device, restrict or delete them easily by adjusting your browser or mobile device settings. Moreover, you may make it so your computer or mobile device sends you a notification each time you receive a cookie on your computer or mobile device in order to decide whether to accept it or not.


We notify any new users with a specific banner that cookies are used on our website. You may then accept or reject them. You may reset your choices at any time by clicking here. The cookies authorisation banner will then be posted upon your next connection.
 


What are your rights?


You have the following rights concerning your personal data we use:

  • Access: you have the right to know what personal data on you we save and to obtain a copy.
  • Data portability: subject to the law, you have the right to obtain the personal data you have provided us with in a machine-readable format.
  • Rectification: you have the right to request any incomplete, erroneous or non-updated data on you be rectified.
  • Erasure: you have the right to request the erasure of your personal data when they are no longer necessary to achieve the purpose if you have withdrawn your consent to processing or you object in accordance with personal data protection regulations, if such processing is unlawful or even if a legal obligation in effect imposes such.
  • Withdrawal of consent: you have the right to withdraw the authorisation you have granted to use your personal data.
  • Objection: you have the right to object to personal data processing if based on the execution of a mission of public interest or relevant to the exercise of public authority or based on a legitimate interest pursued by us, for reasons linked to your own personal situation. You may also object at any time to processing for commercial purposes.
  • Restriction: you have the right to request the restriction of processing of your personal data when you challenge the accuracy of your personal data subject of processing, if the processing is unlawful and you object to the erasure of your personal data, if you believe it is useful or if you object to processing during our verification of the legitimacy of our interests.
  • Post-mortem directives: you also have the right to define instructions concerning the conservation, erasure and communication of your personal data after your death.
     

If you wish to exercise any of your rights, you may contact us at the contact email address. If you are still not satisfied, you also have the right to file a complaint with a competent supervisory authority; namely, in France, the French National Data Protection Commission.


How long do we keep your personal data?


Your data will be saved for a period not to exceed that which is necessary to achieve the purposes listed in this Declaration.


If your data are no longer necessary for the purposes indicated in this Declaration, they will be regularly deleted or anonymised unless it is necessary to save them for a longer period of time:

  • to ensure respect for legal, accounting and tax conservation obligations; in other words, 10 years;
  • to save proof for the applicable prescription period; in other words, 5 years;
  • for commercial prospecting purposes; in other words, 3 years from the end of our contractual relationship with you beginning on the date of our last contact with you.
     

Furthermore, if we notice that your user account has not been used for more than 2 years, we will delete your personal data.


What are the access permissions required by the App?


You must provide the following permissions to the App so we may collect the necessary data for your registration and your use of the levélo Service.

  • Camera: this permission is necessary to scan the QR code identifying the bike.
  • Location: this permission is necessary to locate you on the map (MapBox), indicate the position of bikes nearby and how to access them.
  • Bluetooth: this permission is necessary to establish and maintain connection between the User’s phone and the bike for proper use of the levélo Service.

Modification of the Declaration


We reserve the right to modify this Declaration at any time with or without advance notice. Nonetheless, if our Declaration must be modified, you will be notified by email so you may read the modifications.


Contact


If you have any questions or concerns regarding this Declaration or, in general, with regard to the way we process your data, you may contact us at the following email address: contact email address.