Privacy Statement
Welcome! Thank you for reading our privacy statement, because it means that you consider privacy as important as we do. We have carefully prepared this privacy statement for you so that it is clear to you what happens to your data when you use the Tracefy app (or white-label apps), portal or website or we use your data in any other way.
Who are we?
Tracefy B.V.
Treubstraat 27
2288 EH Rijswijk
We are registered with the Chamber of Commerce under number 66322642
You can call us on: +31 (0)10 3073199
Or send an email to: info@tracefy.com
Tracefy is a young Dutch company offering specialised IoT solutions for bikes. We are a supplier of the GPS system in your bike and own the Tracefy app.
The GPS system and the Tracefy app allow you to track your bike (or have it tracked) if it is stolen provided you have a subscription for this. Moreover, in the Tracefy app, you can see where your bike is in real time and you can make use of the app's other great features such as viewing rides and distances. Likewise, you can get a reminder for maintenance via your bike shop. As you might normally get that via email, it will now be based on usage via the app.
Who are you? (Who is the person involved)
We hope you are reading this privacy statement because you have purchased or are using a bicycle equipped with the Tracefy GPS system. In addition, you have taken out a subscription through us for the connectivity of your GPS tracker with or without tracking through G4S or Recoveryservice NL. You may also be someone who appears in videos we make about thefts involving our GPS trackers. Or you may be someone with whom we communicate, for example via online social media channels.
This privacy statement is about your personal data. For convenience, in this privacy statement we (also) use the word "data" when talking about your personal data. According to the law, you are called a "data subject" in this situation.
What are personal data?
Personal data are pieces of information that allow other people to see or understand that it is about you.
We are a supplier of the GPS system in your bicycle. GPS allows location to be determined. In order to determine the location of your bicycle and to be able to trace your bicycle in case of theft, we ask you to enter various personal data, such as your name, address and phone number, in the Tracefy app. As the recipient of these data, we know that you have entered the data in the Tracefy app and have purchased or used a bicycle with a GPS system or a GPS system for your bicycle. Therefore, by entering your data in the Tracefy app, we receive information about you. In this privacy statement, we explain to you what information this is and what we do with it.
What data do we collect?
When you install our app and cycle, we collect data about you. All this data is needed to locate your bike and track it down in case of theft. This is because if the bike is stolen, we need to be able to make sure it is returned to you if you also have a tracking subscription. So we also need your data for that. We request the following data from you where the data marked * is really needed so that you can make good use of the Tracefy GPS system and your bike can be traced in case of theft.
Mr / Mrs
First name and surname *
Gender
Date of birth
Address *
Postcode*
City *
Country *
Phone number *
Email address *
Bike name *
Location details
Insurer
Policy number
Whether you paid for the subscription or not
* Unfortunately, if you do not want to enter these details, you will not be able to use the GPS system in your bike and its app.
Just as you have an app to see the location of your bike and routes ridden, we have developed a dashboard showing all your data, location and routes ridden of all bikes with a Tracefy GPS system. If your bike is stolen, we can track and trace it and see where it is. In addition, we can see all routes ridden and statistics such as average km per trip, stop and start locations, average trip duration, etc.
Please note that by using our app, your mobile device itself can also exchange data with us. Through your browser settings or your settings on your mobile device (your phone or tablet), you can control which data is shared with us.
It is also important to note that Tracefy does not collect the individual location of the smartphone. If permission is given for the app to retrieve the smartphone's location, the location is displayed on the map in the app, but the location is not stored on Tracefy's dashboard. This is because the location processing of the smartphone on the map in the app is local processing on the smartphone and not processing in Tracefy's dashboard. Tracefy can therefore only see the location and ridden routes of bikes, not your personal smartphone location data.
If you appear in images we take of thefts, the images and other information that allow you to be recognised are personal data about you. We do not make videos that include recognisable suspects. We also try to make other people (such as police and passers-by) unrecognisable but cannot guarantee that they will never be recognisable. Therefore, personal data may appear in the videos.
When contacting you via online (social media) or other channels, we process your profile or contact details and possibly other personal information contained in messages we exchange.
What do we do with your data? (the purposes of processing)
We don't collect your data for no reason. We collect the data to do the following with it:
1. Making sure you can use all features in the app
Several functions in the app require processing and storing data.
This allows you to see driven routes and distances in the app. There is also the function to get a reminder for servicing.
2. Being able to track your bike
If your bike is stolen, report it as stolen in the app. This activates the tracking service. They then track down your bike and, when they find it, return it to your bike shop (- and possibly notify you personally). These actions require the processing and storage of your data.
3.Viewing anonymous user profiles and heatmaps
Based on your bicycle use and that of other cyclists, we create analyses and anonymous user profiles. Bicycle manufacturers, dealers and (or) rental companies can view those anonymous user profiles on our online dashboard. Moreover, they can view heatmaps (frequently visited routes) on our online dashboard. Based on that anonymous data and heatmaps, dealers and (or) bike rental companies can, for example, make product improvements for their bikes.
It is important to stress that only anonymous data is shared with dealers and (or) rental companies of bicycles. They cannot see data of a single bicycle, a user and (or) a location. Only from a minimum of 10 bikes, anonymous data can be viewed. This also applies to heatmaps: at a minimum of 10 bikes, a heatmap of many ridden routes (i.e. a minimum of 10 cyclists) can be viewed. The anonymous data cannot therefore be traced back to you.
4. Ensuring that on your mobile device, your app with your data is also visible and remains visible
Of course, if you open the app again, it's nice if you don't have to enter your details again.
5. Conduct analytics to understand app usage
We are naturally curious to know whether the app is easy and fun to use. That is why we use your data (obviously not for commercial purposes) and can see through our own dashboard how often the app is used, at what times, in what locations and for how long. We can also use the dashboard to track whether the app gives problems and how often those problems occur.
6. So that we know which insurer your bike is insured with
Your insurer can request information from us about the theft and tracking of your bicycle. To know that the insurer requesting this information is really your insurer, we administer which insurance company you are insured with, including your policy number. The name of your insurer is linked to the GPS tracker on your bicycle so that the insurer can check whether you have a certified GPS tracker.
7. To know whether you have paid for the subscription
You pay for the subscription via a payment provider (Mollie). We do not receive your payment information but we do receive whether your payment was successful or not. We also put this information in our financial records.
8. For marketing and (online) engagement
To show how well our GPS trackers work, we publish videos of some thefts on online (social media) channels.
We use your (contact) data when you contact us or we contact you. For example, if you have questions about our products or services. Or if we want to inform you about topics of interest, such as when you need to have your bike serviced. Online, we also have contact with people who are interested in our products or services or our company.
What are the bases for using your data? (the bases)
We may only process personal data if there is a valid legal basis for doing so.
We use your data on the following legal bases:
- Execution of an agreement with you.
We have a subscription with you for the connectivity of the GPS tracker and possibly also to track (or have tracked) your bike in case of theft.
- Based on your consent.
We ask your explicit consent for the use of your location data. Location data is sensitive data. Since we use your location data, we specifically ask for your permission to share location data in the app. If you do not give or withdraw your consent to the use of your location data in the app, we will be able to track your bike, but you will not be able to see the routes and we will not be able to track your bike in case of theft.
We also specifically ask your permission to send you notifications to service your bicycle. If you do not consent to the sending of notifications or withdraw your consent, you will not receive any reminders to service your bicycle.
Incidentally, if you give consent, this also means that you may withdraw your consent. We will then stop using your data.
- Based on a legitimate interest.
In order to (i) ensure that you can use all functions in the app; (ii) be able to track your bike; (iii) provide access to anonymous user profiles and heatmaps; (iv) ensure that the app remains visible on your mobile; (v) perform analyses on the use of the app (as described above); and (vi) know which insurer you are insured with, it is necessary to process your personal data. Otherwise, we cannot fulfil these purposes. In addition, we need to process your personal data in order to communicate (online) with you. And in order to publish videos of thefts to draw attention to our products, services and company, these may include images of people. We do take these people's privacy interests into account as much as possible by blurring faces, for example.
- Based on legal obligations
To comply with our legal obligation to keep financial records, we need to process data about your payment (whether you have paid or not). We may also be required to provide certain data on an individual basis, for example if the police or another government agency requests it from us.
Do you have any questions or comments about our use of your data?
You have a say in what we are allowed to do with your data. This is because you have the following rights:
(i) the right to request whether data about you is being processed and, if so, to access it;
(ii) the right to request rectification and erasure of that data. To a large extent, by the way, you can manage this yourself via your profile and settings of your browser or mobile device;
(iii) the right to object to processing or request restriction of processing;
(iv) the right to withdraw consent to processing, if the processing is based on your consent;
(v) the right to receive or deliver your data, in a structured, common and machine-readable form;
(vi) depending on your country of residence, the right to lodge a complaint with a data protection supervisory authority. In the Netherlands, this is the Personal Data Authority in The Hague (www.autoriteitpersoonsgegevens.nl).
We would like to hear from you if you wish to exercise certain rights. You can reach us at the contact details reported above.
Incidentally, the rights are not absolute; they do not apply in all circumstances and applicable regulations provide for necessary exceptions. If we do not comply with your request, we will explain why.
Do we share your data with others?
Yes, we share your data.
We do not manage and support the Tracefy Apps and the dashboard on which the data can be seen for us entirely ourselves. We are assisted in this by two companies that thereby automatically, and only for that purpose, also process your data. These companies are AWS (Amazon Web Services), an ICT company that provides server hosting and backups, and Auth0 an ICT company that provides the ability to log in. These companies work on our instruction. We have signed a processing agreement with these companies. And all data is stored on European territory.
If you have also taken out a subscription to have your bicycle traced in case of theft, we will share your data with the G4S or Recoveryservice NL investigation service. The detection party may contact you directly to inform you.
Bike manufacturers or bike rental companies and share bike operators also find it very interesting to know a bit more about how bikes are used. They can access anonymous ride data and heatmaps on our dashboard. Those data and heatmaps can only be viewed with a minimum number of 10 bikes. Bicycle manufacturers and bicycle rental companies have no access to your personal data and because of the minimum number of 10 bicycles, the anonymous data cannot be traced back to you. We therefore do not share any personal data with these parties, but we mention this here so you know that we anonymise your data for this purpose.
Since there is also a maintenance function in your app, bike manufacturers and bike shops can send you notifications via the app after a certain number of miles ridden. Such a notification will then say, for example, that it is time for the first service. For example, the bike shop will set in advance that everyone who has cycled 500 km will receive a notification that it is time for a service. You can then decide whether or not to make an appointment with your bike shop.
Of course, this is only possible if you have given your separate consent. Incidentally, the bike shop has no access to your personal data. Notifications are sent anonymously.
As explained above, insurers may request information about the theft and tracking of the bike. This may require sharing your details with them, such as your name and tracing information traceable to you.
You pay for the subscription through the payment provider (Mollie), you can find their privacy statement here: https://www.mollie.com/nl/privacy. They are responsible for processing your payment information.
Furthermore - only if we are required to do so by law - your personal data will be provided to regulators, other parties or persons or authorities.
Personal data may also be transferred to parties in countries outside the European Economic Area. That's Europe and a few more countries. As far as we are aware, we do not currently do this. Publishing videos or other information on online (social media) channels is not considered passing on outside Europe. According to the law, it is fine if your data is used within Europe, but not outside Europe. This is because then we cannot be sure that your data is being used securely. Therefore, if we store your data outside the European Economic Area, keep it or do something else with it, we enter into an extra agreement with the party storing or using the data there to protect your data.
Do we receive your data from others?
Is your data safe with us?
We consider the security of your personal data important. We have therefore taken appropriate technical and organisational measures to secure your personal data against loss or any form of unlawful processing. This means that while using the app and all functionalities there is always a secure (SSL) connection, and that we have a policy stating who can access your data when and why, and that we back up files, install updates on time and use anti-virus software. Moreover, our employees are bound by confidentiality, and must comply with our instructions aimed at the adequate protection of your data.
