We will collect and process the following personal data from you:
This is information about you that you give us directly when you interact with us.
You will need to set up an account with HumanForest ("E-Bikes Account") in order to use E-Bikes. We will ask you for your name, date of birth (as E-Bikes is only for those over 18 years), mobile phone number, email address, physical address and valid debit or credit card number, and your chosen password and user name/ log in.
This is so we can create and validate an account in your name, identify and contact you as the account holder when you log in and use E-Bikes when administering your E-Bikes Account e.g. to send you invoices, tell you about technical updates and changes to E-Bikes and this Privacy and Cookies Policy, and tell you about other useful general information such as road closures. We also use it for payment card processing for charges to your E-Bikes Account through our card payment processing provider, Stripe. See Payment Processing.
If we ask you for additional personal details when you open your E-Bikes Account such as your gender and interests, this enables us to, from time to time, tailor content and promotional offers that we may provide in conjunction with our partners.
Your profile details and information about how you use our E-Bikes service are aggregated with those of other E-Bikes riders to help explain to a partner how our service is used (for example we may explain that 50 men aged under 30 used free ride time sponsored by that partner). Whilst we put these statistics from details of your E-Bikes Account and your use of E-Bikes, into categories such as age, gender, frequency and distance of rides, location, duration and non-fulfilment of ride, we do not provide partners with information that shows you are the rider.
If you raise a query or complaint regarding your E-Bikes Account we will use the details you provide to investigate and respond, or if you report any unauthorised use of or accident or damage to the bike. If we receive any complaint connected to your ride, we will use details from your E-Bikes Account and how you use it, to investigate and respond, or if we consider it appropriate to report any matter connected to your ride to the Police or other relevant authorities.
We will automatically collect information from you each time you use our App or E-Bikes. This includes technical information, information about your visit and location data.
Technical information -we collect the Internet protocol (IP) address used to connect your device to the Internet, an App ID, App version and operating system version. We also receive information about the content of a request as well as the time zone setting, date and time and http status code associated with that request.
Information about your use of our App. This involves date and time of visit, length of visit, scrolling, and clicks.
Location data – we collect information through the App and from real time use of E-Bikes on the location of your ride, to provide the location services that are dependent on knowing that location. This is so we can display to you in the App, the location of available bikes, and to enable us to reserve it to you, and lock and unlock it according to your hire and any excess period. Your ride is tracked for the hire duration, including any pauses, to calculate the free ride and/or chargeable period as applicable. This also informs whether we treat the bike as being located outside a designated ride area/ parking area, abandoned, lost or stolen and it may also be used for reporting any loss or theft of the bike to the Police. It can also be used to assess the condition of the bike e.g. following damage or an accident or unauthorized use. You can choose to either limit location services to only when the App is in use or for as long as the app is active in the background of your device. Please refer to the App and 'Your Rights' [link to section] of this Privacy and Cookies Policy to learn more.
Some are essential to provide you with the service you register for. Otherwise you set your cookie choices and you can change them at any time. However, you may not be able to take full advantage of our App if you do so.
You can manage your preferences in relation to cookies or change your device privacy settings to refuse the use of some or all cookies. However if you block all cookies (including necessary cookies) you may not be able to use parts of our service.
We analyse your use of E-Bikes, sometimes in conjunction with Cookies to understand your preferences, predict what might be of interest to you, and classify you, alongside other E-Bikes users, into groups such as age range, gender, frequency, duration, location, and non-fulfilment of ride. We use this in conjunction with participant partners from the 'first 20 minutes fee' scheme, to deliver you details of further discounts and concessions according to the groupings or characteristics they tell us they want to target against. We don't share your name, phone or email with these partners, so unless you have otherwise specifically agreed to this, you won't hear from them directly - we just provide you with a redemption code in real time via the App or in an email or SMS from us, and you choose whether or not to redeem it. Before activating any code, please carefully read the details as it may involve further use of your information for redemption purposes. We may also use the above customer insight to decide to send you details of other HumanForest products and services by email, SMS or phone call. Please refer to the App and Your Rights of this Privacy and Cookies Policy if you wish to change your direct marketing contact preferences.
You can see the lawful basis on which we process your details here.
We may give your information to selected third parties.
Our selected third parties may include:
We will disclose your personal information to third parties:
We may transfer your personal information outside the EU:
Analytic and optimisation services provided by 'Braze' are covered by terms which incorporate the EC standard contractual clauses relevant to legal adequacy of personal data transfers where relevant to Braze Inc. in the United States (see: Standard Contractual Clauses (SCC). Braze are also certified under the separate Privacy Shield legal adequacy mechanism for personal data transfers (see Privacy Shield).
Please see Contact Us for details on how to request information on protecting your personal data if transferred outside the EU.
All information you provide to us is stored on secure servers. Any payment transactions handled through our payment gateway provider are subject to their Payment Card Industry (PCI) certification. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our App you are responsible for keeping this password confidential. It is important that you do not share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our App may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances:
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
You can exercise the rights listed above at any time – see Contact Us.
If your request or concern is not satisfactorily resolved by us, you may approach the data protection authority. The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
This table forms an important part of our Privacy and Cookies policy which you should also read.