Processing of personal data

This statement provides you with information about UIP Oslo Bysykkel AS hereinafter referred to as "UIP") processing of personal data in connection with the use of UIP's city bike services.

The privacy policy provides you with information about what personal data we collect, why we process your personal data and your rights in relation to the processing of personal data.


Data Controller

UIP Oslo Bysykkel AS (org. no. 914 253 721) - for customers of Oslo Bysykkel

UIP operates and develops the city bike system in Oslo and is responsible for the processing of personal data stored and processed in connection with the city bike services. UIP is therefore the data controller for the processing of your personal data. The data controller determines the purpose of the processing of personal data and the means to be used.

Our contact information is: Address: Kværnerveien 5, 0192 Oslo 

Email: post@oslobysykkel.no

Telephone: 915 89 700

If you have any questions regarding UIP's processing of your personal data or this privacy policy, you can contact our customer service as described above.

What personal data we process, purpose and the basis for processing

In order for you to be able to use our city bike service, we process the following categories of personal data for the following purposes:

  • Phone number, to create and use a user profile and link your identity to it
  • Email address, to be able to communicate with you about the city bike service if necessary
  • Which subscription you have, in order to be able to deliver services in accordance with the subscription
  • Payment information, so that you can pay for the service
  • Your phone's position when the app is in use, to determine your proximity to a station and unlock or lock a bike and possibly when you use the map service
  • The bike's position during a trip, to be able to find a lost or stolen bike

The information mentioned above is necessary to purchase a subscription and gain access to the city bike service. The information is necessary to fulfill an agreement with you regarding the use of city bike services, and you cannot use the city bike service without providing this information.

You may voluntarily choose to provide the following information to us in connection with the use of the city bike service, for the following purposes:

  • Name, used to communicate with you
  • Email or phone number, to send messages about campaigns or marketing content
  • Postal code, to analyse where people live in relation to where and when they cycle
  • Gender, to analyse which groups of the population use our service
  • Year of birth, to analyse which groups of the population use our service

By granting the Apple Health app access to your bike rides, the Oslo Bike app will initially retrieve your weight data (if provided; otherwise, a default weight will be used). Subsequently, approximate ride duration, distance travelled, and estimated calorie expenditure will be recorded in the Health app. Your health data (weight and calorie burn) will remain solely within the Oslo Bike app and your device.

The information mentioned above is only processed with your informed consent. You can delete this information yourself in your user profile, and thereby withdraw your consent at any time. You can also contact our customer service to withdraw your consent and delete your information.

In addition, UIP processes the following information for the following purposes:

  • Information about trips, including start and end time and stations (trip history), to give you an overview of completed trips and analyse and improve our services (for example, to understand usage patterns and know where there is a need to refill bikes)
  • Version of app, mobile's operating system and mobile's language, to be able to deliver the service (app) to your mobile and communicate in the correct language
  • The bike's position during a trip, to analyse usage at an aggregated level
  • Usage data and fault diagnosis, to test and quality assure our systems and perform troubleshooting
  • Information that can be used for grouping (e.g. postal code), to provide customised information to those who have consented to it

The information mentioned above is processed on the basis of UIP's legitimate interests in being able to deliver and develop city bike services in a suitable manner and to achieve the purposes mentioned above. The privacy of individuals is taken into account when assessing whether the processing is necessary to safeguard these interests.

UIP also processes personal data to fulfil legal obligations, such as storing payment information to fulfil obligations under the accounting regulations.

Personal data is collected from you when creating and updating a user profile and through your use of the city bike service.

Who has access to your personal data

  • Internal access: Only employees who need access to personal data to perform their tasks are granted access. This mainly means our customer service representatives, as well as employees who follow up on any errors or disputes related to the services. A very limited number of our employees have access to our entire customer register, with the aim of ensuring the continuous operation of this customer register.
  • External access: UIP will only disclose your personal data to third parties if UIP has a legal basis for disclosure. UIP may, for example, disclose personal data to public authorities to comply with statutory requirements or orders (e.g. the tax authorities or the police), or to safeguard our rights in connection with a dispute with a customer (e.g. to the Consumer Council or the Consumer Complaints Board). We can also share your personal data with partners who offer our users member benefits, such as OBOS. Disclosure to such partners is conditional on your consent. We share aggregated and anonymized data about our users and their use of the service - which cannot identify you as an individual - with research projects and institutions for statistical and research purposes, to the client (the municipality), and openly to the public.
  • Data processors: UIP uses data processors to collect, store or otherwise process personal data on our behalf, e.g. in connection with the use of IT systems, payment services, email newsletters, chat services, etc. The relationship with such suppliers is governed by a data processor agreement, which inter alia ensures information security for your personal data.

Your rights

You have the right to request access to, rectification or erasure of the personal data we process about you if the conditions for this are met. You may also have the right to request restricted processing, object to the processing (protest) and, in some cases, request data portability, which means you can request that your personal data be transferred to you or to another company in a structured, commonly used and machine-readable format. If the processing is based on your consent, you can withdraw your consent at any time.

You also have the right to complain about our processing of your personal data to the Data Protection Authority, but we encourage you to contact us first so that we can address your objections and clarify any misunderstandings.

You have access at all times to given consents and information we have stored about you in your user profile, and you can correct or delete information yourself and withdraw your consents here. If you have questions about your rights, or wish to exercise your rights, you can contact UIP via the contact information stated at the top of the page. See more about deletion below.

Storage times

Storage of personal data UIP stores your personal data for as long as is necessary to achieve the purposes for which the personal data was collected, as defined in this statement. This means that we store personal data related to your user profile as long as you are registered with us, unless otherwise expressly stated. If your user profile is inactive for 3 years, it will be deactivated and information will be deleted within 3 months as described below.

Deletion If you delete your account with us, you will immediately lose access to the service and our customer service representatives will no longer be able to see you or your data. For operational reasons, however, it may take up to 3 months before all information about you is removed from UIP's systems. Continued storage of your personal data may however be necessary as a result of UIP's need to:

  • comply with legal requirements, including requirements for continued storage under accounting legislation. This applies, for example, to payment and transaction history, which UIP is obliged to store for up to 5 years in accordance with the Accounting Act, or
  • establish, exercise or defend a legal claim, including to safeguard its interests in a dispute with you regarding e.g. a lost or damaged bike

How we protect your personal data UIP takes its users' privacy seriously, and has implemented appropriate technical and organisational security measures to protect personal data against breaches of personal data security, unauthorised access to and disclosure of personal data, including:

  • Communication with and between our services is encrypted.
  • Stored data is encrypted and is not accessible to our subcontractors of IT infrastructure.
  • Data centres where your information is stored are physically secured against intrusion.
  • All reading of information about you is logged, so that this can be verified.
  • Internal access is done with up-to-date software, and with 2-factor authentication at login.
  • Information about payments and payment cards is stored in secure PCI-certified systems with our payment provider Stripe.

Links to other sites

From time to time there may be links on UIP's website to other websites, including web pages operated by our partners. When you follow one of these links, you leave our website. These third-party websites have their own privacy statements that determine how the web pages are operated, as well as how personal information is collected and processed. We recommend that you familiarise yourself with the third-party website's own privacy statements and terms of use when you visit and use these websites.

Amendments

From time to time, UIP will make changes to this privacy statement. An updated version of UIP's privacy statement will be available at all times in the app and on our website. You are encouraged to visit this page regularly to keep up to date with our current privacy statement. If UIP makes changes to the processing of personal data, this statement will be updated. You will be notified of these changes via our app, on the website and / or through the contact information you have provided.