1. General

This privacy policy (the ”Privacy Policy”), together with the user terms and conditions (the “Terms of Service”), available on the Biikee website www.biikee.app, describes how Biikee, a company registered in Sweden with company number 559417-4194 and with its registered office at Vattholmavägen 16B, 75419 Uppsala Sweden (”Biikee”, “We”, “Our“), as a data controller, process its customer’s (“You”) personal data when using the Services.

Unless otherwise stated in this Privacy Policy, the definitions used herein will have the same meaning as in the Terms of Service. Questions regarding this Privacy Policy and Biikee’s processing of Your personal data can be sent to support@biikee.app to Biikees data protection officer:

Biikee Smartlocks

Data protection officer: Neil Arnold, Email: info@biikee.app Address: Vattholmavägen 16B, Uppsala 75419, Sweden The Privacy Policy is intended to comply with our obligations to provide you with information about our processing of your personal information under applicable privacy laws. It explains howwe collect, use and share personal information in the course of our business activities.

2. Collection, purpose and use of personal data

Biikee will collect personal data which You submit when creating an account in the Biikee App or which is created when You are using the Biikee App or the Services.

Biikee processes Your personal data for the following purposes:

a) For the purposes of entering into, fulfilling and administering our contractual relationship (including handling payment) with You and to correspond with You in relation to the Services, we process the following personal data:

  • Location data (phone location and location of Biikee Smartlocks);
  • Contact details (such as name, address, e-mail address and phone number);
  • Payment information (such as bank card information, Swish integration, invoice history, payment history)
  • Photos of your bike(s) which You upload in the Biikee App

Our lawful basis for the processing of your personal data for this purpose is to fulfil our contractual obligations with You (Article 6(1)(b) GDPR).

b) For the purposes of performing statistical analyses, to analyze data in order to develop the Services regarding functionality, security and methods, and to analyze markets and customers, we and third parties described below process the following personal data:

  • Information about Your bike(s), such as make, model, and color;
  • Information about Your use of the Biikee App and the Services, for example, the date,time and duration of your usage; and
  • Survey data; responses to user experience and demographic survey questions

Our lawful basis for the processing of your personal data for this purpose is our legitimate interest to be able to develop the Services and to increase Our understanding of the markets and customers (Article 6(1)(f) GDPR). Wherever possible, we anonymise or aggregate data processed for this purpose.

c) For the purposes of carrying out marketing campaigns we may process personal data including:

  • Contact details (such as name, e-mail address and phone number)

The lawful basis on which we process personal data for marketing purposes is either our legitimate interests in marketing our business (Article 6(1)(f) GDPR), or consent (Article 6(1)(a) GDPR) where we send marketing about third party products and services, as further described in section 5. Where our processing is based on consent you can withdraw this at any time by using the unsubscribe link in our emails or by contacting us using the details given in section 1.

d) For the purposes of segmenting and analyzing position data in order to provide custom information based on Your specific preferences and behavior patterns, we process the following personal data:

  • Position data

The lawful basis for the processing of your personal data for this purpose is to fulfil Our contractual obligations with You, i.e. in order for Us to provide the Services (Article 6(1)(b) GDPR).

You are not obliged to provide us with your personal data, however, not doing so may mean that you are unable to use our services.

e) For the purposes of providing You with the ability to detect Our nearby Biikee Smartlocks and to enable Us to detect use of Our Biikee Smartlocks in breach of Our User Agreement, we process the following personal data:

  • Location data when the Biikee App is in use (phone location) as well as location data when the Biikee Smartlock is in use (Smartlock location)

Our lawful basis for the processing of your personal data for this purpose is our legitimate interest to provide you with services and to ensure use of our services in accordance with Our User Agreement (Article 6(1)(f) GDPR).

In addition to the above, Biikee may process Your personal data (all categories of personal data as described above) in order to comply with laws and regulations or by court order (in which case the lawful basis is a legal obligation (Article 6(1)(c) GDPR)) or to protect Biikee’s or any third parties’ rights, e.g. defending, exercising or establishing legal claims (in which case the lawful basis is Our legitimate interest in protecting Biikee’s or any third parties’ rights (Article 6(1)(f) GDPR)).

3. Transfer of personal data

Biikee may transfer personal data to the following categories of recipients:

  • IT service providers. The purpose for these transfers is to be able to offer to You all of the functions of the Services. Such service providers process Your personal data in the capacity as data processors upon Our commissioning and on Our behalf. We only provide personal data in the context of legally permissible processing, to service providers that have been carefully selected and commissioned in writing. The service providers will receive only such personal data which is required for them to perform their tasks.

  • Marketing partners. We share personal data with third party service providers which help us with our marketing. The purpose for these transfers is to perform marketing campaigns and the lawful basis is our legitimate interest to be able to perform marketing campaigns (Article 6(1)(f) GDPR).

  • Group companies. The purpose for these transfers is internal administration and to provide Our Services to You. The lawful basis is our legitimate interest in being able to administer our business and thereby provide Our Services (Article 6(1)(f) GDPR).

  • Insurance companies. The purpose for these transfers is to handle insurance claims and administer Our insurance policies. The lawful basis is our legitimate interest in handling insurance claims and administrating Our insurance policies on an ongoing basis (Article 6(1)(f) GDPR).

  • Courts and Counter Parties in legal matters. The purpose for these transfers is to defend, exercise and establish legal claims. The lawful basis is Our legitimate interest to defend, exercise and establish legal claims (Article 6(1)(f) GDPR).

  • Regulators: to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;

  • Solicitors and other professional services firms (including our auditors).

  • Law enforcement agencies, including the Police. The purpose for these transfers is to assist law enforcement agencies and the Police in its investigations, to the extent we are obligated to do so. The lawful basis is to comply with legal obligations (Article 6(1)(c)GDPR). We may also under some circumstances have a legitimate interest in assisting the Police in its investigations even if We do not have a legal obligation to do so. In these cases We may transfer personal data to the Police on the basis of Our legitimate interest in assisting the Police and also the Police’s (in its capacity as a third party) legitimate interest in law enforcement (Article 6.1(f) GDPR)

  • Potential buyers and seller. The purpose for these transfers is to share information with potential buyers and sellers in a business transaction (e.g. a merger or acquisition) involving Biikee. The lawful basis is our legitimate interest to carry through an acquisition or merger (Article 6(1)(f) GDPR);
  • In some cases, Biikee may transfer your personal data outside the EU / EEA, mainly in cases where we use service providers that process personal data outside the EU / EEA. This will only be done after adequate protection measures have been taken by Biikee to ensure an adequate level of data protection, e.g. by including the European Commission’s standard contractual clauses for the transfer of personal data and, where necessary, by implementation of supplementary safeguarding measures. You can obtain further information regarding the protection measures taken when personal data is transferred outside the EU / EEA by contacting Us.

4. Storage of personal data

Your personal data is stored only as long as is necessary in order to fulfil the purposes for which Your personal data was collected, however, if personal data is processed on account of Your consent or Our legitimate interest, Your withdrawal of the consent or valid objection will put an end to the processing, without affecting any processing that happened until then and without affecting any legal obligation to process personal data. The personal data which is processed to enter into, perform or administer an agreement between You and Biikee, is processed for as long as You are a customer of Biikee and have a Biikee account. If Your account is terminated, We will delete the personal data from Your account, with the exception of personal data which needs to be stored by Us due to legal requirements or to safeguard Our legal interests.

5. Marketing

We may send You marketing regarding Biikee’s Services as well as products and services offered by third parties. The marketing can be sent by e-mail, SMS, push notifications and in-app. The purpose of sending marketing is to inform You about Our Services and relevant offers from third-parties. We may also process personal data for the purpose of evaluating a marketing campaign which may include that We will transfer some personal data, mainly e-mail addresses, to the relevant marketing campaign partners.

The lawful basis for sending marketing regarding Our Services and those of third parties is your consent (Art. 6 (1) sentence 1 point (a) GDPR), which You may withdraw at any time. Where we process personal data for evaluating marketing campaigns the relevant lawful basis is Our legitimate interests (Article 6(1)(f), GDPR) to analyze the result of Our marketing campaigns.

You may always opt out from Our marketing efforts, either directly in the actual marketing message or by contacting Us at support@biikee.app.

6. Rights and contact

You have certain rights in relation to Our processing of Your personal data. Your rights are the following:

  • Right to access. You have the right to receive confirmation from Us that we process Your personal data, including a right to access Your personal data and receiving an electronic copy of Your personal data
  • Right to rectification. You have the right to request that incorrect or inadequate personal data about Your is updated or corrected.
  • Right to withdraw consent. To the extent the processing of Your personal data is based on Your consent, You have the right to withdraw Your consent at any time.
  • Right to object. When Biikee is using legitimate interest (Article 6(1)(f) GDPR) as lawful basis for the processing, or if the processing concerns direct marketing, You have the right to object to the processing. In such case, we may be entitled to continue to process Your personal data if we can demonstrate a compelling legitimate interest to continue the processing operation
  • Right to erasure (“right to be forgotten”). Under certain circumstances, e.g. if you have objected to the processing and We do not have a compelling legitimate interest, You can request that Your personal data is erased. This does not, however, apply if we have a legal obligation to process the personal data or other legitimate purposes for which Your personal data is processed.
  • Right to restriction. Under certain circumstances, You have the right to request that the processing of Your personal data is restricted, so that the personal data only may be stored by Biikee and not processed for any other purposes.
  • Right to data portability. If the processing is based on Your consent (Article 6(1)(a) GDPR) or a contract (Article 6(1)(b) GDPR) and the personal data has been obtained directly from You, You are entitled to request data portability, in which case you are entitled to receive Your personal data on a commonly used machine-readable format.

Please contact Us using the contact details below if You wish to exercise any of Your rights mentioned above. Biikee will normally answer Your request within one month. You may contact Us at: support@biikee.app , or by sending mail to Biikee Smartlocks, Vattholmavägen 16B, 75419 Uppsala Sweden.

7. Right to lodge complaints

If You have any complaints regarding Our processing of Your personal data, You have the right to lodge a complaint to the relevant data protection authority in Your country.

  • In Sweden, please contact the Swedish Data Protection Authority (Sw. Integritetsskyddsmyndigheten).
  • In Denmark, please contact the Danish Data Protection Agency (Da. Datatilsynet)
  • In Norway, please contact the Norwegian Data Protection Authority (No. Datatilsynet).
  • In Finland, please contact the Finnish Data Protection Authority (Fi. Tietosuojavaltuutettu).
  • Sie haben das Recht, eine Beschwerde bei Ihrer lokal zuständigen Datenschutzbehörde einzureichen
  • En España, sírvase ponerse en contacto con la Agencia Española de Protección de Datos.
  • En France, veuillez contacter la Commission Nationale de l’Informatique et des Libertés (CNIL)
  • Per l’Italia, si prega di contattare l’Autorità garante per la protezione dei dati personali italiana (It. Garante per la protezione dei dati personali
  • In Switzerland :
    • veuillez Vous adresser au Préposé fédéral à la protection des données et à la transparence
    • wenden Sie sich bitte an den Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten. (Dt. Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter)
    • si prega di contattare l’Incaricato federale della protezione dei dati e della trasparenza. (Dt. Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter)
  • In the United Kingdom, please contact the Information Commissioner’s Office (ICO).

8. Security

The technology used by Biikee, together with this Privacy Policy, aims to protect Your personal data from unauthorized access and unauthorized use by using appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk. For example, amongst other measures, we maintain a security policy and store all of your personal information on our secure servers. We may update these actions as new technology becomes available

9. Changes to the Privacy Policy

Biikee may change this Privacy Policy by publishing a new version of this Privacy Policy on the Website and in the Biikee App. However, in case a change is due to any changes in Our processing operations, We will notify You by sending You an e-mail with information about the change.