Skip to main content
ParkYourBike

App Privacy Policy

Privacy Policy

Protecting your personal data (also “data”) is important to us. In the following, we would like to inform you regarding what categories of personal data we process for what purposes when you use our ParkYourBike app. We treat your personal data confidentially and in accordance with the statutory data protection regulations (in particular the EU GDPR and the FDPA) as well as this Privacy Policy. To ensure that you are fully aware of your rights and the collection and use of personal data in our app, please read the information below.

Please note that our Privacy Policy may change from time to time due to the implementation of new technologies or changes in legislation.

The following Privacy Policy provides information on the processing of your personal data when using the Web version and the mobile version of the ParkYourBike app (unless explicitly differentiated, both are hereinafter referred to as the “ParkYourBike app” or “app”).

 

A. General

1. Data controller for the ParkYourBike app and Data Protection Officer

For this App, the data controller within the meaning of Art. 4 (7) GDPR is:

GB infraVelo GmbH
Mariendorfer Damm 1
12099 Berlin
support@parkyourbike.berlin

(hereinafter referred to as “infraVelo”, “we”, “us”)

If you have any questions or comments about this Privacy Policy, data protection in general or your rights as a data subject, please contact us by e-mail at parkyourbike@infravelo.de or by postal mail at the above address.

The Data Protection Officer within the meaning of Art. 37 ff. GDPR is:

Jörg Stohl
Grün Berlin GmbH
Mariendorfer Damm 1
12099 Berlin
datenschutz@gruen-berlin.de

2. Your Rights

a. General

In accordance with the law, you may generally exercise the following rights in regard to the data controller at no charge:

  • Revocation of the consent you have provided with effect for the future (Art. 7 (3) GDPR)

  • Right of access (Art. 15 GDPR)

  • Right to rectification or erasure (Art. 16 and Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object to processing (Art. 21 GDPR)

To assert claims under the GDPR, please contact the data controller using the contact details above or, alternatively, contact the Data Protection Officer as per Section 1 of this Privacy Policy. If you wish to contact us by e-mail, please use an address stored in our system when sending your message so we can associate the message with your account, assuming you have a user account. We cannot guarantee complete data security if you communicate by e-mail, so we recommend that you send any confidential information using postal mail.

If you believe that processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice pursuant to Art. 77 (1) GDPR.

b. Your right to object to processing

Information about your right to object to processing according to Art. 21 GDPR

You have the right to object to the processing of personal data relating to you at any time for reasons relating to your particular situation when such processing is carried out on the basis of Art. 6 (1) (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision from Art. 4 (4) GDPR.

If you object to processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend against legal claims.

If your objection is directed against the processing of personal data for the purpose of direct marketing, we will immediately cease processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as the profiling is associated with such direct advertising.

If you wish to exercise your right to object to processing, simply send an e-mail to support@parkyourbike.berlin.

3. Legal basis

We generally only process data if we have a legal basis to do so. We go into more detail on the individual bases in the individual processing instances. However, the following applies in general:

  • Insofar as we obtain the consent of the data subject for processing involving personal data, Art. 6 (1) (1) (a) GDPR serves as the legal basis for the processing.
  • When processing personal data that is necessary for the performance of a contract, Art. 6 (1) (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing that is necessary for performance of pre-contractual actions.
  • If the processing is necessary for fulfilment of a legal obligation to which we are subject, Art. 6 (1) (1) (c) GDPR serves as the legal basis for the processing.
  • If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (1) (f) GDPR serves as the legal basis for the processing.

4. Retention period

We erase the personal data we process or restrict processing in accordance with the statutory provisions, in particular Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, we erase retained personal data as soon as it is no longer required for the intended purpose. Personal data is only retained after the purpose has ceased to exist if this is necessary for other legally permissible purposes or if the personal data must be retained due to legal retention obligations. In these cases, processing is restricted, that is, it is blocked and not processed for other purposes.

Statutory retention obligations arise from Section 257 (1) of the German Commercial Code (HGB) (6 years for account books, inventories, opening statements of financial position, annual financial statements, commercial correspondence, accounting documentation, etc.) and from Section 147 (1) of the German Tax Code (AO) (10 years for books, records, management commentaries, accounting documentation, commercial and business correspondence, documents relevant for taxation, etc.), for example. The legal basis for further retention is Art. 6 (1) (1) (c) GDPR in conjunction with the aforementioned processing obligations. If specific retention periods can already be named at this point, these can be found below with the descriptions of the respective processing methods.

5. Children

Our app offer is not extended to children under the age of 18.

6. Data security 

We use technical and organisational measures to protect your personal data against loss, tampering, destruction or other attacks by unauthorised persons. We continuously improve our security measures in accordance with the current state of the art.

7. Automated decision-making, including profiling

We do not engage in automated decision-making, including profiling.

B. Collection and processing of your personal data in connection with the ParkYourBike App

In the context of the use of our ParkYourBike app, we process user data insofar as this is necessary to make the app available and to ensure its functionality.

1. Personal data processed for downloading of the mobile app

When you download the mobile app, certain required information is transmitted to the app store selected by you (e.g. Google Play or the Apple App Store) may be processed, in particular the user name, the e-mail address, the customer number of your account, the time of the download, your payment information and the individual device identification number. This personal data is processed exclusively by the app stores (Google Playstore & Apple App Store) and is covered by the respective terms and conditions of use and applicable privacy policies, putting them outside our sphere of influence.

Furthermore, in order to automatically find ParkYourBike facilities near your respective location, for technical reasons it is necessary for you to allow the application to access your location data. To do this, please enable location services in your mobile operating system. As soon as these services are enabled and the app is launched for the first time, a prompt for allowing access to location services is displayed. Confirming this prompt will result in the app being allowed access to your location information. The legal basis for use of your location is your consent pursuant to Art. 6 (1) (a) GDPR.

You can disable access to your location information at any time. If you do so, you can no longer make full use of our app offer.

2. Personal data processed when using the App

a. Technical operation of the app, hosting

When using the ParkYourBike app, the following personal data in particular is processed: country, mobile operating system version, mobile browser version, time of use, IP address and e-mail address. This personal data is automatically transmitted to us. The processing serves to fulfil the contract for use of the app pursuant to Art. 6 (1) (1) (b) GDPR. The processing is also in our legitimate interest, as it ensures error-free operation and functionality of the app and prevents misuse and malfunctions pursuant to Art. 6 (1) (1) (f) GDPR. When the overall interests are weighed against each other, the conclusion can be drawn that there are no overriding exclusionary interests on the part of the users. Evaluation of personal data requires prior consent, in particular for marketing purposes.

For provision and operation of our app, we use the service provider viaboxx GmbH, 53639 Königswinter (hereinafter “viaboxx”). We have concluded a data processing contract with viaboxx within the meaning of Art. 28 GDPR. This contract means that viaboxx may only process your personal data on the basis of our instructions and only for the purpose of implementing the contract between you and us. Personal data processed by viaboxx on our behalf is processed solely on servers with locations within the EU or EEA. This also applies in the event that viaboxx itself uses other contractors.

The personal data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. When the app is in use, such erasure occurs when you exit the respective session. Retained log files are only accessible to administrators and are automatically erased after 60 days have passed.

b. Contact by e-mail, phone or contact form

If you need assistance, or for any other correspondence with us, you can contact us by e-mail, by contact form in the ParkYourBike app or by phone.

In order to be able to process your enquiry, we process your e-mail address or your phone number as well as your first name and surname and all other information that you voluntarily provide in the course of contacting us. We process your personal data in the context of you contacting us based on your consent. If your get in touch with us in connection with a contractual relationship between you and us, the legal basis for data processing is Art. 6 (1) (1) (b) GDPR, that is, the processing is based on this contractual relationship.

For this purpose, we contact you by phone using the Callways service of Call Center GmbH, An der Wuhlheide 232 B, 12459 Berlin (hereinafter “Callways”), with which we concluded a data processing agreement.

To process your enquiries submitted via contact form, we use the Jira Service Management service of Atlassian, PTY Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia (hereinafter “Atlassian”), with whom we have concluded a data processing contract that includes the “standard contractual clauses” of the EU Commission. In this agreement, Atlassian undertakes to process data only on servers with locations in the EU or the EEA. In exceptional cases, Atlassian guarantees that your personal data will be adequately protected even if transferred to another country outside the EU or EEA. You can find more details here.

Unless legal retention periods require further retention, we retain information regarding your contact enquires on the basis of Art. 6 (1) (1) (f) GDPR for a maximum of 18 months starting from receipt. Since ParkYourBike is a very young service, we have a legitimate interest in aggregated evaluation of the contact enquiries that have reached us so far. In this way we can understand what problems exist in connection with the use of the app and improve the overall functionality of the app. Before such evaluation takes place, your personal data will be removed from the contact enquiries as far as possible. This is also a reason that the balancing of interests carried out here leads to the conclusion that there are no overriding exclusionary interests on the part of the users.

3. Sonstige Plugins und eingebundene Inhalte

a. Mapbox

Our service provider viaboxx uses the map service of the service provider Mapbox Inc. 740 15th Street NW, 5th Floor, Washington DC 20005, USA (hereinafter "Mapbox") to display interactive maps in our app.

Mapbox is used to provide an interactive map that shows you where bicycle parking facilities are located and how to get there. This service enables us to present our website in an appealing way by loading map material from an external server.

During the display, the IP address of your terminal device is transmitted to the servers of Mapbox. A transmission of your location does not take place.

The legal basis for the processing of the IP address in relation to the Mapbox service is Art. 6 para. 1 p. 1 lit. f) and b) DS-GVO. The legitimate interest arises from our need for an appealing presentation of our online offer and the easy location of the bicycle parking facilities offered on our homepage. Furthermore, the presentation of the interactive maps serves the fulfillment of the contract.

Our service provider Viaboxx has concluded an order processing agreement with Mapbox. Mapbox is based in the United States of America and therefore outside the EU.

4. Commercial and business services

a. Registration of a user account in the app and logging in

To use the service, you can register a customer account in our app. During the registration process, it is necessary for you to enter an e-mail address and assign a password.

Once you have registered by entering your e-mail address and a password, you will receive an e-mail with a code in the next step. You must click this link to verify your account.

Once you have successfully registered, the system will assign an internal user ID to your account and generate a PIN, which you can use as an access code when booking a bike slot. If preferred, you can also store your BVG/VBB RFID card as a means of access instead of a PIN. No information is forwarded to BVG, VBB or the like; the RFID card is only used to unlock access to the bike parking facility. You also need to specify a payment method of your choice.

We use your personal data to identify you and manage your account. We use your user ID to uniquely identify you in the system as well as to associate reservations and parking processes with you. We also need your e-mail address to contact you, such as to send you technical or legal information, updates, security messages or other messages relating to administration of your user account. We do not use your e-mail address for promotional purposes. Furthermore, if you forget your password, your e-mail address will be used to reset your password.

This data processing is justified by the fact that it is necessary for registration in the app and thus for performance of the contract between you and us pursuant to Art. 6 (1) (1) (b) GDPR. Furthermore, we have a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR in ensuring the functionality and error-free operation of the app. When the overall interests are weighed against each other, the conclusion can be drawn that there are no overriding exclusionary interests on the part of the users.

Please ensure that no unauthorised persons gain access to the login credentials for your account.

This personal data will be processed until the account is closed and then erased as soon as any applicable statutory retention periods have expired. For personal data directly relevant to accounting, statutory retention periods of up to 10 years may be considered. During this time, the personal data is processed again only if the financial authorities carry out an audit. The legal basis for further retention is Art. 6 (1) (1) (c) GDPR in conjunction with Section 147 AO and Section 257 HGB.

b. Use of the app after login: Data processing for a bike slot booking

If you have decided to book a bike slot using our App, the following personal data will be processed in connection with subsequent bookings of slots in bike parking facilities:

  • E-mail address (as user ID)
  • PIN, if applicable
  • Payment method: Payment method ID
  • Information on reservations made: location, number of bikes and date of reservation
  • Information on the parking process: location, number of bikes, type of ticket used, start and end of the parking process
  • When purchasing Season Tickets: number of bikes, duration, start and end time
  • Booking number
  • RFID card number (number of the eTicket of the VBB/BVG-Umwelt-Abo card)

This data processing is justified by the fact that it is necessary for use of the app and thus for performance of the contract between you and us pursuant to Art. 6 (1) (1) (b) GDPR.

The payment method ID is generated by the respective payment service provider (in accordance with its own responsibility under data protection law) and sent to us. The personal data will be erased as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal retention periods that prevent erasure. For personal data directly relevant to accounting, statutory retention periods of up to 10 years may be considered. During this time, the personal data is processed again only if the financial authorities carry out an audit. The legal basis for further retention is Art. 6 (1) (1) (c) GDPR in conjunction with Section 147 AO, Section 257 HGB.

c. Payment using VR Payment

You can use various payment methods to pay the fee charged for a booking. To enable payment, we use the VR Payment service of VR Payment GmbH, Saonestrasse 3a, 60528 Frankfurt am Main, Germany (hereinafter “VR Payment”). Using VR Payment makes it possible for you to pay for your order by credit card, PayPal and Klarna and makes it easier for us to process your booking. The payment information required in each case is processed.

The legal basis for the processing of your payment information is Art. 6 (1) (1) (b) GDPR. The information is only passed on for the purpose of billing for the service and thus for the fulfilment of the contract.

This personal data will be processed until the account is closed and then erased as soon as any applicable statutory retention periods have expired. For personal data directly relevant to accounting, statutory retention periods of up to 10 years may be considered. During this time, the personal data is processed again only if the financial authorities carry out an audit. The legal basis for further retention is Art. 6 (1) (1) (c) GDPR in conjunction with Section 147 AO and Section 257 HGB.

C. Use of cookies

Neither the Web version nor the mobile version uses cookies, pixels, tags or the like. When the app is called up, only a token with the name JWT is stored in the local storage of your terminal device. The token contains information about the time of issue, the expiry date, the issuer and a user ID, and it is used to identify the user to the server. The legal basis for storing this information in the local storage of your terminal device is Section 25 (2) (1) of the Telecommunications Telemedia Data Protection Act (TTDSG) as well as Art. 6 (1) (1) (f) GDPR as far as data protection law. Being able to securely and conveniently offer our app is to be classified as a legitimate interest within the meaning of the above-mentioned standard.

Status of the privacy policy: April 2023