Privacy Policy
Last update 26 January 2022
The Website www.cityscoot.eu, the Application and the Cityscoot service (hereinafter “our Services”) are offered by the company CITYSCOOT, a simplified joint-stock company (société par actions simplifiée) registered in the Paris Trade and Companies Register under the number 800 862 021, with registered office located at 8 rue Bayen, 75017 Paris and CITYSCOOT ITALIA S.R.L., located in Milan (Italy), Via Spezia 1 CAP 20142, registered under the number MI – 2525958 for Italy (hereinafter “Cityscoot” or “We”).
Cityscoot undertakes to protect the privacy of all visitors and Clients of its Services. It undertakes to ensure that the collection and processing of your data is carried out in accordance with the General Data Protection Regulation (GDPR) and the French law on data protection (“Informatique et Libertés”).
The Privacy Policy sets out our commitments and the fundamental principles that we apply to the protection of personal data. It provides information about the procedures implemented in the collection and use of your data, as well as the options and rights to which you are entitled. It supplements the General Terms of Use of the Service. The Capitalised terms for which no definition is provided herein have the meaning assigned to them in the said General Terms of Use.
We may amend the Privacy Policy at any time in order, in particular, to comply with any regulatory, jurisprudential, editorial or technical developments. We invite you to consult the latest version before each visit.
Who does this policy concern?
The collection and processing of personal data concerns all visitors, Clients and Users of our Services.
When registering or accessing our services, you will receive all mandatory information relating to the collection and processing of your Data.
Pursuant to our General Terms of Use, access to our Services is reserved for adults.
What personal data is processed?
When creating a CITYSCOOT account, registering, using our Services or purchasing coupons on cityscoot.eu/for-employees, the following personal data may be collected and processed:
- Personal identification data (surname, first name, data of birth, photograph, ID document, driving licence, BCR);
- Personal contact data (email address, postal address, telephone number);
- Personal payment data (bank details);
- Scooter location data (point of collection and return, journey history);
- Browsing data (IP address, connection data, browser type and version, browser plug-ins type and version, operating systems and platforms, device identifier for advertisers);
- Mobile device location data.
When do we collect your personal data?
The personal data is derived from the information that you provide directly when registering for our Services or, if you access our Services via your Uber account, the data provided to us by the latter (name, email address, telephone number, number of the scooter you wish to reserve, your data of birth and postal address in the event of a road traffic offence), or when purchasing coupons on cityscoot.eu.for-employees.
Your journey history is collected when you use our Services.
When you visit our Website or Application, browsing and location data, taken from cookies or similar technologies, will be collected.
Data may also be collected when participating in a competition, a customer survey or when communicating with our customer service department.
What information do we provide you with when collecting your data?
When collecting your data, the following information in particular is provided to you:
- The reasons for collecting this data (purpose);
- Whether the provision of certain data is obligatory or optional and, where applicable, the consequences of failing to provide obligatory data (if obligatory data is not provided, access to the Services is not permitted);
- The status of Cityscoot as data controller.
- Your rights and the means of exercising said rights through Cityscoot;
- The legal basis underpinning the lawfulness of the processing (for example, whether the processing is based on your consent, the requirement to comply with a legal obligation, the need to execute the contract that binds us, the legitimate interests of Cityscoot or a third party, etc.);
- The categories of persons authorised to access your data (i.e. the recipients of your data);
- Where we intend to transfer your data outside of the European Union, we put in place guarantees and inform you of these guarantees ensuring the compliance of these transfers with the French data protection regulations (Informatique et Libertés);
- The data retention periods or, where this is not possible, the criteria used to determine such periods;
- And more generally all the information required by the French data protection regulations (Informatique et Libertés).
We retain your data only for the time required to complete the operations for which such data has been collected and in accordance with the regulations. We subsequently delete the personal data, expect where we need to retain such data (evidence for civil-law actions which may not exceed 5 years, or pursuant to legal data retention requirements).
The purposes and corresponding retention periods are:
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
|
PROCESSING LEGAL BASIS RETENTION PERIOD (2) |
PROCESSING |
LEGAL BASIS |
RETENTION PERIOD (2) |
| Prospecting new customers | CONSENT | Cookies: maximum 13 months Prospect info: 3 years from last contact from customer |
|
Managing customer base (B2C) |
CONTRACT EXECUTION / LEGAL REQUIREMENT | Bank details: 13 months Other data: 3 years from last contact from customer |
| Profiling customer base Targeted prospection |
CONTRACT EXECUTION | 3 years from last contact from customer |
| Profiling customer base Sponsorship |
CONSENT | 3 years from last contact from customer |
| Analytical activity management | CONSENT | 13 months from data collection |
|
Developing customer loyalty |
CONSENT | 3 years from last contact from customer |
| Developing customer loyalty Free minutes scheme |
CONTRACT EXECUTION | 3 years from last contact from customer |
| Managing user support | CONTRACT EXECUTION | 3 years from last contact from customer |
| Improving parking facilities | LEGITIMATE INTEREST | 2 months from last journey |
| Managing requests to exercise rights (1) | LEGAL REQUIREMENT | Minimum 3 years from the request |
| Local authority reporting | CONTRACT EXECUTION | Unlimited: Anonymous data |
| Customer studies | CONSENT | Length of the study. Anonymous data for the results |
| Accounting and payment | CONTRACT EXECUTION / LEGAL REQUIREMENT | Statutory retention period for invoices: 10 years |
| Accounting and payment Blocking of Users in default of payment |
LEGITIMATE INTEREST | Statutory retention period for invoices: 10 years |
| Provision of services via the Uber platform | CONTRACT EXECUTION | 3 years from last contact from customer |
| Organisation of scooter use training | CONSENT | 3 years from last contact from customer |
| Management of claims and thefts | LEGITIMATE INTEREST | Until settlement of the claim |
| Management of fines | LEGAL REQUIREMENT | 2 years |
(1) Data retention for all requests: name, contact details, purpose and account history.
(2) The periods are indicated subject to additional legal requirements.
Data may be collected for other purposes for certain specific or temporary services. Where applicable, information about the said processing will be provided in a specific document when this Data is collected.
Who are the recipients of your Data?
The recipients of the data are:
- Cityscoot, its subsidiaries, affiliated companies and, in particular, the departments involved in the processing of your registration and our customer services department;
- our service providers and sub-contractors, in particular for the purposes of processing your payments or authenticating your documents;
- our insurance company (and/or our brokerage firm) in the event of claims and thefts;
- the competent police authorities, in the event of an offence;
- the municipal authorities, for the purposes of improving transport services;
- generally, the competent authorities, upon request only, in order to meet legal requirements.
If you access our Services via your Uber account:
- Uber, in order that it may invoice you for the use of our Services and that you may consult your journey history (points of departure/arrival points and duration of use of the service) via your Uber account.
Transfers of data outside the EU
Cityscoot may use a file sharing and storage service and a rights management service for which the servers or systems may be located outside the European Economic Area (EEA), resulting in the transfer of Data outside the territory of the EEA.
These transfers are subject to appropriate guarantees for maintaining the confidentiality, integrity and security of the Data in accordance with the French data protection regulations (Informatique et Libertés). You can obtain a copy of the protection guarantees by contacting the data controller via email (privacy@cityscoot.eu) or from our data protection officer (dpo@cityscoot.eu).
Information from Cookies and similar technologies may be transferred outside the European Union with a view to its storage or processing in relation to audience measurement or publicity purposes. More information on this matter for each partner involved is provided in the Cookies Policy.
Is your data secure?
We undertake to take all necessary precautions and all appropriate technical and organisational measures in order to safeguard the security, integrity and confidentiality of the Data and, in particular, to ensure that said Data is not altered, modified or deleted and that no unauthorised third party has access to it.
We have taken the following measures in particular:
- We use encryption systems to guarantee the security of your personal data when said data is transferred;
- Access to the network and systems is restricted to authorised staff with access rights;
- Users have unique passwords (password management ensuring strong passwords and two-step authentication);
However, we cannot guarantee that all risks of improper use of the Data will be removed. It is important that you maintain your login data confidential in order to prevent unauthorised use of your account.
What are your rights?
In accordance with the French data protection regulations (Informatique et Libertés), and subject to payment of all amounts owed as specified in the General Terms of Use of our services, you may withdraw the consent that you have previously given when registering for our services at any time.
You may access and obtain a copy of the data concerning you, have said data rectified, under certain conditions object to its processing or have it deleted.
You also have the right to restrict the processing of your Data and the transfer of said data to third parties.
Lastly, you are entitled to establish guidelines relating to the use of your Personal Data after your death.
For further information: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles
Exercising your rights
These rights may be exercised at any time, through Cityscoot, by means of an ID document provided via email to: privacy@cityscoot.eu.
Claim via the CNIL
If, after having contacted us, you believe that your rights regarding your data have not been respected, you may file a claim with the CNIL.