This policy aims to inform you about how we collect and process any information that we collect from you, or that you provide to us when you visit our Site (regardless of where you visit from). It covers information that could be used to identify you as an individual (“personal data”) and other information that may be collected and processed by us. In the context of the law and this policy, “process” includes collecting, storing, transferring, using or otherwise acting on that information.
It tells you about your privacy rights and how the law protects you. We are committed to protecting your privacy and the confidentiality of your personal data. This policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal data.
We undertake these steps to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
Our policy complies with all applicable data protection and privacy legislation in force from time to time in the United Kingdom including the retained European Union law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR); the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended (“UK Data Protection Law”).
Following the UK’s departure from the EU (Brexit) 1bike1world will continue to ensure we meet the requirements of UK GDPR. This includes ensuring customers and users are provided with clear and concise information about the collection, processing and management of your personal data.
Please note that you have legal rights regarding the use of your personal data and that we are under legal obligations to you regarding the processing and control of your personal data. Some information regarding your rights (see section 16 ‘Your legal rights’) and our obligations is set out in this policy, however, additional and more detailed information is accessible via the internet including via the ‘know your privacy rights’ website (accessible via the following URL at the time of drafting: http://www.knowyourprivacyrights.org) and the UK ‘Information Commissioner’ website (accessible via the following URL at the time of drafting: https://ico.org.uk/ ).
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our Site.
1. Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for ensuring that our policy is followed.
If you have any questions about this policy or our privacy practices, including any requests to exercise your legal rights, please contact our DPO, Leona at Support@1bike1world.com.
We aim to respond to your emails within 3 business days. All emails will be responded to within a 15 day time frame.
2. Data we process
We may collect, use, store and transfer different kinds of personal data about you. We have collated these into groups as follows:
Your identity includes information such as first name, last name, title, and other identifiers that you may have provided at some time.
Your contact information includes information such as billing address, delivery address, email address, telephone numbers and any other information you have given to us for the purpose of communication and delivery of orders
Your financial data includes information such as your bank account and payment card details. This information is taken by a reputable payment service provider, see section 15.
Transaction data includes details about payments or communications to and from you and information about products and services you have purchased from us.
Technical data includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.
Your profile includes information such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal data in law because it does not reveal your identity. For example, we may aggregate profile data to assess interest in a product or service.
If we combine or connect aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this policy.
3. Special categories of personal data
We do not collect any special categories of personal data about you.
Special categories of personal data include details regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect information about criminal convictions and offences.
out your health and genetic and biometric data.It also includes information about criminal convictions and offences.
4. If you do not provide personal data we need
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.
5. The bases on which we process information about you
UK Data Protection Law requires a legal basis for using personal data to be established Our basis varies depending on the specific purpose for which we use personal data. The legal bases we use to undertake processing of personal data include:
• Information we process because we have a contractual obligation with you
When you create an account on our Site, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal data.
We may use it in order to:
i. verify your identity for security purposes
ii. sell products to you
iii. provide you with our services
iv. provide you with suggestions and advice on products, services and how to obtain the most from using our Site
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
• Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our Site or ask us to provide you more information about our business, including our products and services, you provide your consent to us to process information that may be personal data.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us at Support@1bike1world.com. However, if you do so, you may not be able to use our Site or our services further.
• Information we process for the purposes of our legitimate business interests and in the interest of customers
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do after having given careful consideration to:
i. whether the same objective could be achieved through other means
ii. whether processing (or not processing) might cause you harm
iii. whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
i. record-keeping for the proper and necessary administration of our business.
ii. responding to unsolicited communication from you to which we believe you would expect a response
iii. protecting and asserting the legal rights of any party
iv. insuring against or obtaining professional advice that is required to manage business risk
v. protecting your interests where we believe we have a duty to do so
• Information we process to comply with a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal data..
Please note we may use legal bases other than the above depending upon the purpose for which we use personal data.
Specific uses of information you provide to us
6. Information provided on the understanding that it will be shared with a third party
Our Site allows you to post information with a view to that information being read, copied, downloaded, or used by other people.
Examples include posting a comment on our comics.
In posting personal data, it is up to you to satisfy yourself about the privacy level of every person who might use it.
We do not specifically use this information except to allow it to be displayed or shared.
We do store it, and we reserve a right to use it in the future in any way we decide.
Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.
Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal data that you have posted. You can make a request by contacting us atSupport@1bike1world.com
7. Complaints regarding content on our Site
We attempt to moderate user generated content, but we are not always able to do so as soon as that content is published.
If you complain about any of the content on our Site, we shall investigate your complaint.
If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.
Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
Further information regarding complaint handling can be viewed in our terms and conditions.
8. Information relating to your method of payment
Payment information is never taken by us or transferred to us either through our Site or otherwise. Our employees and contractors never have access to it.
At the point of payment, you are transferred to a secure page on our Site through Stripe or PayPal. That page may be branded to look like a page on our Site, but it is not controlled by us.
9. Communicating with us
When you contact us, whether by telephone, through our Site or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
Use of information we collect through automated systems when you visit our Site
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
- Cookies are necessary for offering our users the best and most efficient use of our Site. They allow us to recognise logged in accounts to grant access to content and keep you signed into our site.
- We use Analytical cookies to facilitate the collection of aggregated data and enable us to generate statistics regarding how visitors to our Site navigate and use the pages, by tracking your use of our site. The cookies collected do not contain personal data, we use these cookies to analyse user experiences and improve ease of use.
- We use functionality cookies to operate our site and subscription services. These cookies respond to choices made by you (the user) and are responsible for recognising data and recording any changes made to data, such as usernames.
12. Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our Site are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our Site, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our Site and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our Site.
Disclosure and sharing of your information
13. Information we obtain from third parties
Although we do not disclose your personal data to any third party (except as set out in this policy), we sometimes receive data that is indirectly made up from your personal data from third parties whose services we use.
No such information is personally identifiable to you.
14. Credit reference
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
15. Data may be processed outside the European Union
Our Site is hosted in the United Kingdom. We also use outsourced data processing services in countries outside the UK and the European Union.
1bike1world , and our payment data processors (Stripe and PayPal), are bound under the Data Processing Addendum ‘DPA’ as set out by Stripe Payments Europe, Ltd. We may transfer Personal Data processed under this DPA outside the European Economic Area (“EEA”), the UK or Switzerland as necessary to provide the Services of our Site.
The following safeguards data transferred outside the UK and the European Union. The data protection clauses in our contracts with the data processors include transfer clauses written by or approved by a supervisory authority in the European Union.
Transfer of Personal Data protected under this DPA to a jurisdiction where the European Commission has not issued an adequacy decision, or the UK has not issued similar measures in relation to such transfers, will be conducted by Stripe and PayPal, who will ensure safeguards appropriate to the Transfer of Personal Data are implemented in accordance with all applicable law in relation to such personal data.
For Stripe’s Privacy Shield policy, please visit stripe.com/privacy-shield-policy.
Security and Control over your own information
16. Your legal rights
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.;
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
i. If you want us to establish the data’s accuracy.
ii. Where our use of the data is unlawful but you do not want us to erase it.
iii. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
iv. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
17.. Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. It is your sole responsibility to keep us informed if your personal data changes.
18. Access to your personal data
At any time you may review or update personally identifiable information that we hold about you, by signing in to your account on our Site.
To obtain a copy of any information that is not provided on our Site you should contact us at email@example.com to make that request.
After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
19. Removal of your information
If you wish us to remove personally identifiable information from our Site, you should contact us to make your request at firstname.lastname@example.org
This may limit the service we can provide to you.
20. Verification of your information
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
21. Use of site by children
We do not sell products or provide services for purchase by children, nor do we market to children.
If you are under 18, you may use our Site only with consent from a parent or guardian
We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
22. Security and Encryption of data sent between us
Following the UK data protection legislation, 1bike1world as an organisation has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Anyone acting under our authority who has access to your personal data will not process it without our instruction and your consent, unless required to do so by domestic law
We ensure our services and platforms are maintained and updated regularly with constant monitoring to ensure no malware or bugs are able to access our systems. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
23. How you can complain
If you are not happy with our Policy or if you have any complaint then you should tell us at email@example.com
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal data, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). This can be done at https://ico.org.uk/make-a-complaint/. We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO.
24. Retention period for personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
25. Compliance with the law
Our Policy has been compiled with the intention of complying with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.
However, ultimately it is your choice as to whether you wish to use our Site.
We may update this policy from time to time as necessary. The terms that apply to you are those posted here on our Site on the day you use our Site. We advise you to print a copy for your records.
If you have any question regarding this Policy, please contact us at contact firstname.lastname@example.org.