Personal data policy

PERSONAL DATA POLICY

1. INTRODUCTION
Cycleurope Sverige AB (“Cycleurope”) is the personal data controller for processing of Personal data (see definition below) through our digital products and services, such as mobile applications, websites, service platforms, connected bikes and other future digital interfaces.
This Personal Data Policy (hereinafter "Personal Data Policy") is intended to ensure that you as a user feel confident that Cycleurope handles your Personal Data in accordance with applicable legislation. The Personal Data Policy describes how we process your Personal Data when you use the digital channels and/or any of the products, offers, features, tools, services or resources we provide (the "Services"). You do not need to provide any Personal Data to use some of the Services, but if you do not provide requested information, you may not be able to access the Services or use all parts of the Services. If you cannot find the answer to any question you may have, feel free to contact us. Information on how to contact us can be found under the heading "Contact details" below.

2. WHAT PERSONAL DATA ARE PROCESSED
“Personal data” refers to any kind of information that can be directly or indirectly attributed to a natural person.

Personal data and data that are handled comprise the following:

• First and last name
• Date of birth
• Home address
• Telephone number
• Email address
• SOL - insurance number (bicycle)
• IMEI number (if the bicycle has a device connected to the network)
• Frame number (bicycle)
• Key number (bicycle)
• IP address
• Internet browser and device type
• Payment information, incl. account details and/or credit card number and purchase history (when purchasing in-app)

What information and why?
Information and Personal Data that you provide are mainly used to ensure a high level of service and quality for you as a cyclist. We want to establish a long-term relationship with you and offer you services and products that we believe are of interest to you, based on where and how you use your bike, as well as based on previous purchases and use of services. Based on data on how your bike is used, we also develop future products and service offers.

When you use and make purchases in our mobile applications or websites, we handle your Personal Data and other data from you. This applies when you use Services in the app that we or our partners provide, as well as bicycle data from connected bicycles. We also collect data from you when you contact us for support, as well as when you request information from us regarding our Services.

Automatic data
We collect Personal Data automatically through cookies, web, GPS and other technologies when you visit our digital platforms (e.g. website and app) or use our Services. Information that is automatically collected includes domain name, browser type and operating system, website history, link click, IP address, time at website and/or use of our Services. This information may be used individually or in combination with other information.

3. INFORMATION FROM THIRD PARTY
In some cases, we may supplement the Personal Data you provide with information from a third party in order to evaluate and improve the digital channels and Services, as well as offers and marketing. Such information may be obtained from insurance companies, assistance companies, dealers and security companies for the aforementioned purposes.

4. SENSITIVE PERSONAL DATA
Sensitive Personal Data refers to any information that relates to racial or ethnic origin, political views, religious or philosophical beliefs, or membership in trade unions, as well as Personal Data relating to health or sexual life (hereinafter "Sensitive Personal Data"). We will not process Sensitive Personal Data within the context of the Services.

5. WHAT DO WE USE PERSONAL DATA FOR?
The aims and purposes of our processing of your Personal Data are to administer orders, deliveries, payment and financing of goods and Services that you order, as well as to be able to contact you in order to fulfill our statutory product liability should a delivered product prove to be defective. We also collect and process Personal Data to optimize the use of digital channels and Services, as well as to offer you customized information, offers and marketing based on your interests and similar. For research and development purposes, we collect and process information on the use of our connected bicycles in order to improve our products and Services. Personal Data may also be processed when we receive views on digital channels and included Services, as well as to enable you to participate in competitions or other activities. Personal Data may also be processed to administer insurance cases.

6. INFORMATION TO THIRD PARTY
We may share information about your interests and similar with our partners so that they can also offer you customized marketing and offers. Where applicable, we may also transfer your Personal Data to our financing partners in conjunction with selling your invoices. We may also share the Personal Data you provide to us with third parties in accordance with what is permitted by you or through your use of the Services. For example, if you are involved in a transaction with one of Cycleurope's resellers, the reseller may be provided with your first and last names, and address, etc., to complete the transaction. The same applies to the purchase of Services through or by third parties in Cycleurope's mobile applications.
Cycleurope may share aggregated and/or anonymized information about you to third parties for research, analysis, or marketing purposes, as well as for similar purposes.

Your Personal Data may also be processed and shared with third parties in the event of an investigation or action against illegal activities, suspected fraud, situations related to possible threats to individuals' security or in violation of our policies and conditions.

Third party services and websites
Cycleurope is not responsible for websites or services provided by third parties. These websites have their own privacy policies and Cycleurope is not responsible for their activities, including their information policies. Any user who sends information to or through third party websites should review the privacy policies posted on those websites before sending any Personal Data to them.

In addition to what is stated in this Personal Data Policy, we will not share the Personal Data you provide to us with any third party. Third party does not mean any individual or legal person who directly or indirectly controls, is controlled by, or is otherwise under the same control as Cycleurope (“Group Company”). Group companies that have access to the Personal Data will at all times process this information in accordance with what is stated in this Personal Data Policy. Partners who process Personal Data on our behalf and with whom we have entered into a personal data processing agreement are also not to be regarded as third parties.

We may engage independent providers of Services in connection with our digital channels or the Services. In some cases, these providers handle Personal Data on our behalf. We will always endeavor to limit such access to Personal Data and only share Personal Data that is reasonably necessary for providers to be able to carry out their work or provide their services. We will also require these providers to (i) protect your Personal Data in accordance with this Personal Data Policy and (ii) not use or disclose your Personal Data for any purpose other than to provide us with agreed products or services. In accordance with current legislation, we will also enter into written personal data processing agreements to further protect your Personal Data.

7. TRANSFER TO A THIRD COUNTRY

If any of our providers or partners are located in a country outside the EU/EEA, your Personal Data may be transferred to a country that does not have a security level equivalent to ours. We will take all necessary measures to protect your Personal Data in connection with such transfers, for example, by entering into agreements with all recipients to ensure that your Personal Data are adequately protected.

8. CONSENT
In the event that we need your consent to collect and process your Personal Data we will contact you and request such express consent. If you have given us your consent, you may revoke it at any time.

9. DELETION OF DATA
Your Personal Data will not be retained for longer than is necessary for the purposes of the processing and we will otherwise delete Personal Data in a manner that complies with applicable law.

10. YOUR RIGHTS
You have the right to request information about what Personal Data about you that we process, how it is used, the source from which this information was obtained, and the recipients or categories of recipients to whom the information has been disclosed. You may request to have information about you corrected if it is incorrect or incomplete. According to applicable legislation, you also have the right to request that your Personal Data be deleted, that the processing of your Personal Data be restricted and to object to the processing of your Personal Data. You also have the right to request to have your Personal Data transmitted in electronic format.
You may file a complaint with the Swedish Data Protection Authority (Datainspekionen) if you believe that we are not processing your Personal Data in compliance with applicable laws.

11. SECURITY
We take all appropriate technical and organizational security measures that
are required to protect Personal Data against unauthorized access, modification or destruction. However, there is always a risk associated with providing Personal Data on digital channels since it is not possible to completely protect technology systems from intrusion.

12. CONTACT DETAILS
If you have any questions or concerns about the processing of your Personal Data, please contact us. You will find our contact details below.
Cycleurope Sverige AB
Birger Svenssons Väg 28
432 40 Varberg
+46 (0)340-860 00
Info@cycleurope.se