Valid from February 2020
Name and address of the person responsible
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
nextbike Czech Republic
Olomouc 779 00
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
The use of our web pages is possible without providing personal data. As far as on our sides personal data (for example address, age or sex) are raised, this takes place, as far as possible, always on voluntary basis. This data will not be passed on to third parties without your express consent. Within registration, only name, surname, email and telephone number is required.
The following regulations inform you in this respect about the type, scope and purpose of the collection, use and processing of personal data by the provider.
Basic information on data processing
We collect, process and use personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be used if a legal permission or consent has been obtained.
We take organizational, contractual and technical security measures to ensure that the provisions of data protection laws are observed and thus to protect the data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Collection, processing and use of personal data
Personal data of the users is collected for some the following reasons:
- The rental of nextbike bicycles
- Registration of customers on the nextbike system, this is done via app, telephone hotline or websites
- nextbike services and user achievements connected with it
- bike usage data (e.g. location of the rental bike at the beginning and end of the rental period, parking processes and location of the bike, shall be collected insofar as it is necessary for the purpose of carrying out the contractual relationship with the (This also includes the use of the data to detect and eliminate errors and malfunctions in the rental process and in the overall operation
- Rental transactions are collected and stored with start and destination times. This data can be viewed at any time in the customer account and shall be the subject of the invoice
- User data is further passed onto our payment service providers in order to bill the rentals
- When contacting nextbike, the information is stored for the purpose/s of processing the enquiry and in the event that follow-up questions arise
- Personal data will be deleted if it is no longer necessary or if there is no legal obligation to store it
We use so-called cookies on our site for the recognition of multiple use of our offer by the same user/internet connection owner. Cookies are small text files that your Internet browser stores on your computer. They serve to optimize our website and our offers. These are usually so-called “session cookies”, which are deleted after the end of your visit.
In some cases, however, these cookies provide information in order to automatically recognize you. This recognition is based on the IP address stored in the cookies. The information obtained in this way serves to optimize our offers and to provide you with easier access to our site.
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, are collected (so-called server log files):
- Browser type and version
- Operating system used
- Website from which you visit us (referrer URL)
- Website you are visiting
- Date and time of your access
- Your Internet Protocol (IP)
These anonymous data are stored separately from any personal data you may have provided and thus do not allow any conclusions to be drawn about a particular person. They are evaluated for statistical purposes in order to optimize our website and our offers.
We offer you the possibility to register on our site, in the app or via hotline. The data entered in the course of this registration, which can be seen in the input mask of the registration form at www.nextbikeczech.com is collected and stored exclusively for the use of our offer.
On our website we offer you the possibility to contact us by e-mail or service hot line. In this case, the information provided by the user will be stored for the purpose of processing his contact. The data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site does not take place either.
The newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308,USA.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other email addresses.
Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Also the changes of your data stored with MailChimp are logged.
The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries, the recipients come. However, MailChimp does not use the data of our newsletter recipients to send emails or pass them on to third parties.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and commits itself to comply with the EU data protection regulations. Furthermore, we have concluded a data processing agreement with MailChimp . This is a contract in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. The data protection regulations of MailChimp can be viewed at mailchimp.com/legal/privacy/.
Social Media Plugins
On our website we use social media plugins according to Art. 6 paragraph 1 letter a), letter f) The advertising purposes therein represent a legitimate interest for us.
Our website integrates plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA.
The Facebook plugins are identified by the Facebook logo on our website. An overview of the Facebook plug-ins can be found here: developers.facebook.com/docs/plug-ins/.
When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server.
Data is transmitted and stored on Facebook. Facebook receives the information that you have visited our website with your IP address. nextbike has no access or information of the content of the transmitted data; as well as their use by Facebook.
In our app the Facebook Software Development Kit (SDK) is integrated. The Facebook SDK is provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (Facebook).
It helps to increase the advertising success of Facebook-based advertising campaigns for mobile apps. For example, this means that no advertising for the corresponding app is displayed on devices on which it is already installed. In addition, the Facebook SDK allows various evaluations of the installation of the app and the success of the advertising campaign. In addition, individual user activities (events) within the app can be analyzed in order to better define the target group for advertising campaigns.
For this purpose, the nextbike app sends pseudonymized data to Facebook, such as the app ID and the information that the app has been started. The advertising ID provided by the operating system of the device serves as the pseudonym (name may differ depending on the operating system).
In the case of the nextbike app, however, the Advertising ID is not used to optimise advertising but is rejected by Facebook, since nextbike Czech Republic has generally prevented Facebook from using the Advertising ID for optimised advertising purposes. Therefore, the individual user cannot be determined at any time. Information about the identity of the user is therefore not known to nextbike Czech Republic.
Our website includes plug-ins from the short message service Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The Twitter plugins can be recognized by the Twitter logo (white bird on blue background) and the addition “Twitter”. The Twitter plugin is activated with one click, so your browser establishes a direct connection to Twitter’s servers and with your Twitter account. This can also lead to an exchange of data with other Twitter users. We do not receive any information about the data sent to Twitter.
We have no information of the purpose and scope of data collection and the further processing and use of data by Twitter. For more information, please visit https://twitter.com/privacy. You can also configure your own privacy settings in the settings of your Twitter account.
This will let LinkedIn know which specific subpage of our website you are visiting. If you are logged in to LinkedIn at the same time, this can be assigned to your LinkedIn account. If such assignment to your LinkedIn account is not desired, you can prevent this by logging out of your LinkedIn account before visiting our website. By clicking on the LinkedIn plugin, the website you are visiting is linked to your LinkedIn account and made known to other users.
We do not receive any information about the data sent to LinkedIn. We have no information of the purpose and scope of data collection and the further processing and use of the data by LinkedIn. Information on data protection can be found at www.linkedin.com/legal/privacy-policy. Furthermore, you have the possibility to configure the settings for data protection yourself in the settings for your LinkedIn account.
Plugins of the online service Google Maps of Google Inc., CA 94043,1600 Amphitheatre Parkway, Mountain View, USA, are integrated on our website and in the apps. By using Google Maps on our website, information about the use and your IP address is transmitted to and stored by Google.
We have no information of the purpose and scope of data collection and the further processing and use of the data by Google. According to Google, this information is not linked to other Google services. The data collected by Google may be transferred to third parties. By using our website you agree to the data processing by Google.
For more information about Google’s privacy practices, visit www.google.com/intl/de_en/help/terms_maps.html.
Plug-ins of the online service OpenStreetMap of FOSSGIS e.V., Römerweg 5, 79199 Kirchzarten, are integrated on our website and in the apps. By using Google Maps on our website, information about the usage and your IP address is transmitted to OpenStreetMap and stored.
We have no knowledge of the purpose and scope of data collection and the further processing and use of data by OpenStreetMap. According to OpenStreetMap, this information is not linked to other services. The data collected by OpenStreetMap may be transferred to third parties. By using our website you agree to data processing by OpenStreetMap.
Plug-ins of the online service Apple Maps of Apple Inc One Apple Park Way, Cupertino, California, USA, 95014, are integrated on our website and in the apps. By using Apple Maps on our website, information about your use and IP address is transmitted to and stored by Apple Maps.
We have no knowledge of the purpose and scope of the data collection and the further processing and use of the data by Apple Maps. According to Apple Maps, this information is not linked to other services. Data collected by Apple Maps may be shared with third parties. By using our website, you consent to Apple Maps processing your information.
For more information about Apple Maps’ privacy practices, visit www.apple.com/legal/privacy/en-ww/.
We use an Instagram plugin on our website. Instagram is a service of Instagram Inc. The integrated “Insta” button on our site informs Instagram that you have visited the corresponding page of our website. If you are logged in to Instagram, Instagram can associate this visit to our site with your Instagram account and link the data. Instagram saves the data transmitted by clicking the “Insta” button. For information about the purpose and scope of data collection, processing and use, and your rights and privacy choices, please refer to the Instagram Privacy Notices available at help.instagram.com/155833707900388.
To prevent Instagram from associating your visit to our site with your Instagram account, you must log out of your Instagram account before visiting our site.
Our website integrates a plugin of the video platform YouTube, YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.
In addition, we use company components (videos). Here we use the option” – extended data protection mode -” provided by YouTube.
When you access a page that has an embedded video, it connects to the YouTube servers and displays the content on the website by notifying your browser.
According to YouTube, in ” – extended privacy mode -” only data is transmitted to the YouTube server, especially which of our websites you visited when you watch the video. If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your YouTube account before visiting our website.
Further information on YouTube’s data protection is provided by Google under the following link: policies.google.com/privacy?hl=en&gl=de.
Transmission of data to payment service providers
Encrypted payment transactions on this website
Payment transactions via the usual means of payment (Visa/Mastercard, direct debit) are made exclusively via an encrypted SSL connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Use of Google AdWords
We also use the Google advertising tool “Google-Adwords” to promote our website. In this context we use the analysis service “Conversion-Tracking” of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. If you accessed our website via a Google ad, a cookie is stored on your computer. Cookies are small text files that your Internet browser stores on your computer. These so-called “conversion cookies” lose their validity after 30 days and do not serve for personal identification purposes. If you visit certain pages of our website and the cookie has not yet expired, we and Google may recognize that you as a user have clicked on one of our ads placed on Google and have been redirected to our page.
The information collected with the help of the “conversion cookies” is used by Google to generate visit statistics for our website. These statistics show us the total number of users who clicked on our ad and also which pages of our website were subsequently accessed by the respective user. However, we or others who advertise via “Google-Adwords” do not receive any information with which users can be personally identified.
You can prevent the installation of “conversion cookies” by making the appropriate settings in your browser, such as browser settings that generally deactivate the automatic setting of cookies or specifically only block cookies from the “googleadservices.com” domain.
Use of Google Analytics with anonymisation function and Google Tech Manager
We use Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by these cookies, such as the time, place and frequency of your visit to the website, including your IP address, is transmitted to Google in the USA and stored there.
We use Google Analytics on our website with an IP anonymisation function. In this case, Google will already reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and thereby make it anonymous.
Google will use this information to evaluate your use of our site, to compile reports on website activity for us and to provide other services relating to website and Internet use. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
Google also offers a deactivation option for the most popular browsers, giving you more control over what information Google collects and processes. If you activate this option, no information about your visit to the website will be transmitted to Google Analytics. However, activation does not prevent information from being transmitted to us or to other web analytics services that we may use. For more information about the deactivation option provided by Google and how to enable this option, please follow the link below: tools.google.com/dlpage/gaoptout?hl=en
We use the Google Tag Manager on our website: Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect personally identifiable information. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager. www.google.com/tagmanager/use-policy.html.
Rights of the data subject
If personal data is processed of you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
Right to rectification
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
Right to restriction of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to erasure Deletion obligation
You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you have been processed
- The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to erasure does not exist insofar as the processing is necessary:
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or b) to assert, exercise or defend legal claims.
Right to be informed
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
The person responsible shall have the right to be informed of such recipients.
Right of data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that
- processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- processing is carried out by means of automated methods. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You also have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the person responsible,
- the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
- with your express
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.
The Right to an “Effective Judicial Remedy”
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Name and address of the data protection officer
Attorney Peter Hense, Spirit Legal LLP, Petersstraße 15, 04109 Leipzig, Germany, Änderungen der Datenschutzerklärung.
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. Users are therefore asked to inform themselves regularly about their content.