Serco Limited ("Serco", "we" or "us") operates the Edinburgh Cycle Hire scheme (synonymous with ‘Just Eat Cycles’) in and around Edinburgh and is responsible for your personal information and we take our data protection and privacy responsibilities seriously.
We have developed this Privacy Policy to ensure you, who have accessed and used the Edinburgh Cycle Hire services including our website and mobile application, are informed and confident about the security and privacy of your personal information.
Please read this Privacy Policy carefully as it contains important information about how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or the Information Commissioner’s Office in the event you have a complaint.
This Privacy Policy supplements our Edinburgh Cycle Hire Terms and Conditions and is not intended to override them.
When using the term “personal data” or “personal information” in this Privacy Policy, we mean information (including opinions) that relates to you and from which you could be identified, either directly or in combination with other information which we may have in our possession.
To help you understand how we handle your personal information more clearly, below sets out the privacy principles which guide how we use your personal information. These principles provide that personal data should be:
Our website may provide links to third party websites. Serco is not responsible for the conduct of third party companies linked to the website and you should refer to the privacy notices of these third parties about how they may handle your personal information.
We may collect personal data about you when:
We may collect and use the following personal information about you:
If you do not provide certain personal information which we request, you may not be able to hire an Edinburgh Cycle Hire bicycle from us.
Special Category and Sensitive Data
We will not intentionally or systematically seek to collect, store or otherwise use information about you classed as ‘special categories of data' or 'sensitive data' (for example, information relating to your ethnic origin, health or sexual orientation).
Apple Health Integration
On iPhone, you can opt in to track your cycling as workouts using Apple Health. To calculate calories burned, heart rate and weight data is processed in the app. This data never leaves your phone, and is not used for data analysis or other purposes besides your personal records. You can withdraw your health data consent at any time via the Health app.
Data protection and privacy laws requires companies to have a “legal basis” or “lawful ground” to collect and handle your personal information. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Below is a summary of what we may use (process) your personal information for and our reasons for doing so:
What we use your personal information for | Our reasons |
---|---|
Provision of services: to provide the requested Edinburgh Cycle Hire services to you including taking payment and validating your account and hire details, communicating with you and providing customer service. | The use is necessary in connection with the performance of our contract with you or to take steps at your request prior to entering into a contract with us; or For our legitimate interests or those of a third party to provide the requested services and respond to any complaints or comments you may send us. |
Fraud detection: to prevent and detect fraud against you or Serco such as providing proof of identity if you request a copy of your data. | For our legitimate interests or those of a third party to minimise fraud that could be damaging for us and for you; or To comply with our legal and regulatory obligations. |
Safety: to ensure safe working practices and working environment and for staff administration. | To comply with our legal and regulatory obligations; or For our legitimate interests or those of a third party by making sure we are following our own internal procedures and working efficiently and safely so we can deliver the best service to you. |
Security: for security purposes, such as preventing unauthorised access and modifications to systems and protecting our staff, premises and vehicles. | For our legitimate interests or those of a third party to prevent and detect criminal activity that could be damaging for us and for you, to protect the well-being of our staff and ensuring the physical and electronic security of our business, premises and assets; or To comply with our legal and regulatory obligations |
IT and website operations: for the operation and management of our websites and IT systems, providing content and communicating with you and ensuring the security and availability of our IT systems. | For the performance of our contract with you or to take steps at your request before entering into a contract; or For our legitimate interests or those of a third party to operate our websites and IT systems including reporting faults. |
Marketing: to promote our services via by email, telephone, social media, post or in person or otherwise but ensuring that such communications are provided to you in compliance with applicable law. | For our legitimate interests or those of a third party for the purpose of promotion; or We have obtained your prior consent. |
Internal compliance: to ensure business policies are adhered to, such as policies covering security and internet use. | For our legitimate interests or those of a third party for the purposes of making sure we are following our own internal procedures so we can deliver the best service to you. |
Investigations and complaints management: to detect, investigate and/or prevent breaches of policy, complaints, claims, incidents and criminal offences. | For our legitimate interests or those of a third party to detect and protect against breaches of our policies, applicable laws and for the establishment, exercise or defence of legal claims; or For our legitimate interests or those of a third party to establish the facts in the event of a complaint, claim or query from a caller; To comply with our legal and regulatory obligations. |
Compliance: compliance with our legal and regulatory obligations such as Health and Safety, including maintaining an internal record of compliance. | To comply with our legal and regulatory obligations; or For our legitimate interests or those of a third party for the purpose of maintaining a record of compliance with our legal and regulatory obligations. |
Legal Proceedings: establishing, exercising and defending legal rights, including debt collection procedures. | To comply with our legal and regulatory obligations; or For our legitimate interests or those of a third party for the purpose of establishing, exercising or defending our legal rights. |
Business Analysis: for business management and operational reasons. | For our legitimate interests or those of a third party to provide an efficient and high quality service to you. |
Quality and Training: for quality assurance and staff and supplier training purposes. | For our legitimate interests or those of a third party to monitor and assess the quality of our service delivery (including compliance with our customer service standards) and to provide training from time to time to those staff involved in the provision of our services as required; |
Record maintenance: to update and enhancing customer records. | For the performance of our contract with you or to take steps at your request before entering into a contract; To comply with our legal and regulatory obligations; or For our legitimate interests or those of a third party to ensure that we can keep in touch with our customers about existing orders and new products. |
Research: to conduct market or customer satisfaction research, statistical analysis to help us manage our business such as analysing bike hire usage or engaging with you to obtain your views on our products and services. | For our legitimate interests or those of a third party to provide an efficient and high quality service to you; or We have obtained your prior consent. |
Risk management: audit, compliance, controls and other risk management. | For our legitimate interests or those of a third party to manage risks to which our business and staff are exposed. |
Our services may be booked directly and used by individuals aged 16 years or over. We do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to provide us with their personal information without parent or guardian consent. If you are under 16, do not send any information about yourself to us, including your name, address, telephone numbers, or email address, unless you have your parent's or guardian's permission.
In the event we learn that we have collected personal information from anyone under the age of 16, and do not have a parent or guardian's consent, we will delete that information as quickly as possible. If you have any concerns, please contact us at dataprotection@edinburghcyclehire.com or call us on 0131 278 3000.
In the event that we do hold personal data about children, we will handle that data in accordance with the terms of this Privacy Policy.
Edinburgh Cycle Hire will use cookies on its website. Cookies store data in your browser when you visit a website. You can choose to turn off cookies, but we do not recommend it.
Edinburgh Cycle Hire will use cookies for the following items:
Below are some the technical details of the cookies Edinburgh Cycle Hire store:
locale: remembering which language you have selected.
(cookies starting with) intercom: recognising you as the same user when you contact customer service via chat.
(cookies starting with) _ga: building anonymous statistics about how edinburghcyclehire.com is used.
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.
This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebookad. This enables us to measure the effectiveness of Facebookads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation.Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
We may use your personal information to send you updates (by email, telephone, post or text message) about our services including exclusive offers, promotions or products where you have consented for us to do so.
To protect privacy rights and to ensure you have control over how we manage marketing with you:
You can opt out of receiving marketing communications from us at anytime by:
We will not sell your information, or share with other organisations without your prior permission for marketing purposes. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you, such as using location information you have provided (e.g. your post code) to personalise your marketing experience.
We may record your conversation with our team when you call us on 0131 278 3000, but you will be advised by recorded message at the start of your call that your call may be recorded.
We record calls based on our legitimate interests as set out in section 5, including:
Call recordings will be stored for up to 6 months from the date of their recording unless there is a relevant incident, complaint, investigation, legal proceedings or legal obligation which requires us to retain the recording for longer. The recordings shall be stored securely, with access to the recordings restricted and monitored by management.
We may disclose your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets, or in the event there is a change of operator.
Less commonly, we may process and share your personal data with third parties where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.
The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") (for example, the United States). It may also be processed by workers operating outside the EEA who work for us or for one of our service providers.
We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To achieve this, transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we are satisfied that alternative arrangements are in place to protect your privacy rights. To this end, we will:
If you would like further information about the global handling of your personal information, please contact us at dataprotection@edinburghcyclehire.com
Serco takes precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect personal data using a variety of security measures including:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will store your personal information for as long as is reasonably necessary for the purposes set out in this Privacy Policy. Where your personal information is no longer needed, we will ensure that it is disposed of in a secure manner. Below is the general criteria we use to determine how long we will keep your personal information, where upon we will either delete or anonymise the data:
If you have given Serco permission to send email marketing messages to you then we will retain your marketing preferences until you notify us that you no longer wish to receive such communications. We will review our marketing lists regularly and may contact to you to ask if you wish to still continue receiving marketing emails.
In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
You have legal rights in connection with personal information.Under certain circumstances, by law you have the right to:
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for a number of reasons, including: (i) for compliance with a legal obligation; or (ii) for the establishment, exercise or defence of legal claims.
We can continue to use your personal information following a request for restriction, where: (i) we have your consent; (ii) to establish, exercise or defend legal claims; or (iii) to protect the rights of another natural or legal person.
Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.
We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
If you would like to exercise any of these rights, please submit your requests to
Data Protection Champion
Edinburgh Cycle Hire,
2nd Floor
Highland Rail House
Station Square
Inverness
IV1 1LE
Email: dataprotection@edinburghcyclehire.com
Telephone: 0131 278 3000
Subject to legal and other permissible considerations, we will make every effort to honour your request promptly to inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Requests About Your Child’s Information
Children have the same rights over their own personal information as an adult. However, as young children may not understand these rights or are not capable of exercising these right, in some cases their parents may do so on their behalf.
Serco takes the protection of children’s personal information very seriously and needs to be very careful about disclosure. If we are in any doubt as to whether the parent or guardian is entitled to make a request on their child or ward’s behalf, then we may refuse to comply with their request.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy. If you have any questions about this Privacy Policy or how we handle your personal information, please address to:
Data Protection Officer
Serco Ltd
Enterprise House
18 Bartley Wood Business Park
Bartley Way
RG27 9XB
Alternatively, please email dpo@serco.com or call +44 (0)1256 745900.
Supervisory authority
We would be happy to address any concerns you have about your data privacy directly, and we encourage you to contact us in the first instance with your queries. However, you have a right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113) who will then investigate your complaint accordingly.
This Privacy Policy was first published on 12/09/2018.
We may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version of this Privacy Policy. If we change this Privacy Policy, we will post the new policy on this website. On some occasions, we may also actively advise you of specific data handling activities or significant change to this Privacy Policy as required by applicable law.