Privacy Policy
We take your privacy seriously. This policy outlines how we collect, use, and protect your information.
Last Updated: December 15, 2024
1. Introduction
UrbanFix: CykelMester ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service"). This policy also describes your data protection rights, including the right to object to some processing that we carry out. By using our Service, you consent to the data practices described in this Privacy Policy.
2. Data Controller
UrbanFix: CykelMester is the data controller for the personal data processed through our Service. Our company operates across Denmark and Sweden, serving cities including Copenhagen, Malmö, and other major Danish and Swedish cities. You can contact us regarding data protection matters at privacy@urbanfix.dk or by using the contact information provided at the end of this policy.
3. Information We Collect
We collect several types of information for various purposes to provide and improve our Service. PERSONAL INFORMATION: Name, email address, phone number, postal address, date of birth, profile photo, and payment information. BICYCLE INFORMATION: Bicycle brand, model, type, size, and repair history. LOCATION DATA: Real-time location (with permission) to connect you with nearby service providers and track service completion. USAGE DATA: Information about how you access and use our Service, including device information, IP address, browser type, pages visited, and time spent on pages. COMMUNICATION DATA: Messages exchanged through our in-app chat system between customers and service providers. REVIEW AND RATING DATA: Reviews, ratings, and feedback you provide about service providers or receive as a service provider.
4. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds: CONTRACT PERFORMANCE: Processing necessary to perform our contract with you or to take steps at your request before entering into a contract. LEGITIMATE INTERESTS: Processing necessary for our legitimate interests, such as improving our services, fraud prevention, and marketing (where not overridden by your rights). CONSENT: Where you have given clear consent for us to process your personal data for specific purposes. LEGAL OBLIGATION: Processing necessary to comply with legal obligations to which we are subject.
5. How We Use Your Information
We use the collected information for the following purposes: SERVICE PROVISION: To facilitate bookings, connect customers with service providers, process payments, and provide customer support. COMMUNICATION: To send service updates, booking confirmations, promotional materials (with consent), and respond to inquiries. IMPROVEMENT: To analyze usage patterns, improve our Service, develop new features, and enhance user experience. SAFETY AND SECURITY: To verify identities, prevent fraud, ensure platform safety, and comply with legal requirements. MARKETING: To send promotional communications about our services, special offers, and updates (with your consent). ANALYTICS: To understand how our Service is used and to improve our business operations.
6. Information Sharing and Disclosure
We may share your personal information in the following circumstances: SERVICE PROVIDERS: With bicycle mechanics and repair shops to facilitate service bookings and completion. THIRD-PARTY SERVICE PROVIDERS: With companies that provide services on our behalf, such as payment processing, data analytics, email delivery, hosting services, customer service, and marketing assistance. BUSINESS TRANSFERS: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business. LEGAL REQUIREMENTS: When required by law, court order, or government request, or to protect the rights, property, or safety of UrbanFix: CykelMester, our users, or others. WITH CONSENT: With your explicit consent for any other purpose. We do not sell, trade, or rent your personal information to third parties for their marketing purposes.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. ACCOUNT DATA: Retained for the duration of your account plus 7 years after account closure for legal and tax purposes. TRANSACTION DATA: Retained for 7 years after the transaction for accounting and legal requirements. COMMUNICATION DATA: Retained for 2 years after the last communication for customer service purposes. MARKETING DATA: Retained until you withdraw consent or for 3 years after last interaction. LEGAL CLAIMS: Data may be retained longer if involved in legal claims or disputes.
8. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: ENCRYPTION: Data transmission is encrypted using SSL/TLS protocols. ACCESS CONTROLS: Strict access controls ensure only authorized personnel can access personal data. REGULAR SECURITY ASSESSMENTS: We regularly review and update our security practices and conduct security assessments. EMPLOYEE TRAINING: All employees receive training on data protection and privacy practices. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
9. International Data Transfers
Your personal data may be transferred to and processed in countries other than Denmark and Sweden, including countries outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as: ADEQUACY DECISIONS: Transfers to countries deemed adequate by the European Commission. STANDARD CONTRACTUAL CLAUSES: Using EU-approved standard contractual clauses with third-party processors. CERTIFICATION SCHEMES: Working with providers certified under approved data protection certification schemes.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and use personal information about you. ESSENTIAL COOKIES: Necessary for the website to function properly and cannot be disabled. ANALYTICS COOKIES: Help us understand how visitors interact with our website by collecting and reporting information anonymously. MARKETING COOKIES: Used to track visitors across websites to display relevant and engaging advertisements. You can control cookies through your browser settings and our cookie preference center. Disabling certain cookies may limit your ability to use some features of our Service.
11. Your Data Protection Rights
Under GDPR and Danish data protection law, you have the following rights: RIGHT OF ACCESS: Request copies of your personal data and information about how we process it. RIGHT TO RECTIFICATION: Request correction of inaccurate or incomplete personal data. RIGHT TO ERASURE: Request deletion of your personal data under certain circumstances. RIGHT TO RESTRICT PROCESSING: Request that we limit the processing of your personal data. RIGHT TO DATA PORTABILITY: Request transfer of your data to another service provider in a structured, commonly used format. RIGHT TO OBJECT: Object to processing based on legitimate interests or for direct marketing purposes. RIGHT TO WITHDRAW CONSENT: Where processing is based on consent, you can withdraw it at any time. To exercise these rights, contact us at privacy@urbanfix.dk. We will respond within 30 days of receiving your request.
12. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 18 without parental consent, we will promptly delete such information from our records.
13. Marketing Communications
With your consent, we may send you marketing communications about our services, special offers, promotions, and updates. You can opt out of marketing communications at any time by: UNSUBSCRIBE LINK: Clicking the unsubscribe link in any marketing email. ACCOUNT SETTINGS: Updating your communication preferences in your account settings. CONTACT US: Emailing us at privacy@urbanfix.dk with your opt-out request. Even if you opt out of marketing communications, we may still send you service-related communications necessary for your use of our Service.
14. Third-Party Links and Services
Our Service may contain links to third-party websites, applications, or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit or use. This Privacy Policy applies only to information collected by our Service.
15. Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also report certain types of data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law. Our notification will include information about the nature of the breach, the categories and approximate number of individuals affected, and the measures we have taken or will take to address the breach.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date. For significant changes, we may also notify you by email or through our Service. Your continued use of our Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes.
17. Supervisory Authority
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Denmark, the relevant authority is the Danish Data Protection Agency (Datatilsynet). You can contact them at: Email: dt@datatilsynet.dk. Website: www.datatilsynet.dk. In Sweden, the relevant authority is the Swedish Authority for Privacy Protection (IMY). You can contact them at: Email: imy@imy.se. Website: www.imy.se.
18. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Email: privacy@urbanfix.dk. Data Protection Officer: privacy@urbanfix.dk. We will respond to your inquiry within 30 days.