Last updated: November 20, 2021

We are pleased to learn about your interest in joining our community at Cyrcl Mobility OOD, doing business as Cyrcl (“Cyrcl”, “we”, “us”, “our”). The protection of your personal data is an important concern for us. If you have any questions or concerns about this Privacy Policy, please contact us as info@cyrcl.eu.

This Privacy Policy applies if you:

● Download and use our mobile application “Cyrcl — your city bike-sharing”
● Visit our website at https://www.cyrcl.eu
● Engage with us in other related ways, including, but not limited to, any marketing initiatives, sales, or events In this Privacy Policy:
● “App” means any application of ours that links to this policy
● “Website” means any website of ours that links to this policy
● “Services” means our App, Website, and other related services, including, but not limited to, any marketing initiatives, sales, or events. This Privacy Policy is meant to explain to you in a clear way what data we collect, how we use it, and what rights you have in relation to it. In case you do not agree with any of the terms in this Privacy Policy, please terminate the use of all our Services immediately. Table of Contents

1. Data Controller
2. Data we collect
3. Use of collected data
4. Data transfer
5. Use of cookies and similar technologies
6. Third-party websites
7. Data storage period
8. Data security
9. Your rights
10. Data review, modification, or deletion
11. Privacy Policy updates

1. Data Controller

According to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws as well as other data protection regulations, the controller is:

Cyrcl Mobility OOD
UIC: 206347796
ul. “Narodno Horo” 46A
1618 Sofia
Bulgaria
Phone: +359 896 755 556
Email address: info@cyrcl.eu
Information about national Data

Protection authority: Commission for Personal Data Protection bul. “Professor Tsvetan Lazarov” 2
1592 Sofia
Bulgaria
Phone: +359 (2) 915 35 19
Website: www.cpdp.bg


2. Data we collect Personal data means any information relating to an identified or identifiable person. Personal data you disclose to us We collect personal data that you voluntarily provide to us when you:
● Register on the Services
● Express an interest in acquiring information about us, our products, or our Services
● Participate in activities on the Services
● Contact us

The personal data is collected based on the context of your interactions with us and the Services, the products and features you use, and the choices you make. The data may include, but is not limited to, the following:

Personal data provided by you. This includes names, phone numbers, email addresses, passwords, debit/credit card numbers, countries and cities of residence, addresses, national identity numbers, voluntary feedback, other messages to Cyrcl Mobility OOD regarding the Services, and other similar information.

Payment Data. This includes data necessary to process your payment if you make purchases. For example, payment instrument number, validity date and security code associated with your payment instrument. Please, keep in mind that we do not keep or process this data ourselves. Such data is kept and processed only by our subprocessor First Investment Bank AD. Please find their Privacy Policy here:https://www.fibank.bg/en/about-us/corporate-governance/compliance/personal-data/payment-services

All personal data that you provide to us must be true, accurate, and complete. You have the obligation to notify us if there are any changes to such personal data.

Automatically collected data

Certain types of data are collected when you download, visit, use, or interact with our Services. This data does not reveal your identity but may include information related to your device and your usage of our Services. It is necessary for the maintenance, security, and operations of our Services, and for the purposes of our internal analytics and reporting.

This data includes, but is not limited to:

Device Data. When you download, visit, use, or interact with our Services, we collect data about your computer, smartphone, tablet or any other device you use for the purpose. It may include:

● IP address of the requesting computer/device (or proxy server)
● Browser type, operating system of your device, settings, access provider
● Device and application identification numbers
● Hardware model
● Mobile carrier
● System configuration data
Log and Usage Data. When you download, access, or interact with our Services, we collect the personal data that is automatically transmitted to our servers. This information is temporarily stored in a so-called log file. It may include:

● IP address of the requesting computer/device (or proxy server)
● Date and time stamps
● Access status and device event information (e.g. whether you were able to access our Services or whether you received an error message)
● Name and/or URL of the page/file accessed
● Web page from which access was made (referrer URL)
● Browser type, operating system of your device, settings, access provider
● Information on the use of the functions of our Services
● Information on the search terms you may have entered on our Services

(Geo)location Data. When you download, visit, use, or interact with our Services, we collect data about your device’s location. The amount and type of location data that we collect depends on the type and settings of the device you use for the purpose. You have the right to opt out of allowing this data to be collected either by refusing access to the data or by disabling the location setting on your device. If you choose to opt out, however, you may not be able to use certain features of our Services.

Other data collected through our Services or other sources

We collect certain additional data through our Services if you download, use, or interact with them. This may include:

Push Notifications. In order to send you information regarding your account, promotions, or certain features of the Services, we may ask to send you push notifications. You have the right to opt out from getting these notifications through your device’s settings. Device Access. In order to deliver all available functionalities of our Services, we may ask for access to your device’s Bluetooth, sensors, camera, flashlight, contacts, and other features. You have the right to opt out of allowing us to collect this data through your device’s settings. Vehicle usage and rental. When you rent and/or use our vehicles, we collect certain data from the vehicles and the electronic devices attached to them. This data may include:

● Geo(location) of the vehicle
● Date and time stamps (e.g. date and time of locking / unlocking the vehicle)
● Rental duration
● Distance travelled and speed
● Route
● Battery level of any electronics attached to the vehicle

Data from other sources. We may collect additional data from third parties in order to provide offers, products, and services that are more suitable for you, to enhance our current offerings and Services, and to provide targeted advertising and event promotions. The list of other sources may include, but is not limited to, public databases, partners, data providers, and affiliate programs. The data may include:

● Addresses
● Email addresses
● Phone numbers
● Behavioral data
● IP addresses
● Social media profiles and URLs


3. Use of collected data

We use the collected data in a number of ways in addition to those stated in point 2 of this Privacy Policy. In particular we use it:

● For user account creation and management
● For user identification
● To post testimonials. We will do so only after receiving your explicit consent.
● To request feedback
● To offer customer support
● To manage competitions and prize draws
● To deliver our Services and manage customer orders
● To protect our Services
● To facilitate administrative activities
● To respond to legal requests and prevent harm
● For protection and control of our assets and the establishment and exercise of legal claims
● For fraud protection and prevention
● To send marketing and promotional communication. You can opt out of receiving marketing emails by sending a request on info@cyrcl.eu.
● To provide targeted advertising. For more information you can take a look at our Cookies Policy
● For other business purposes. This may include, but is not limited to, analysis, reporting, performance measurement, and improving our Services.

4. Data transfer

We may share your data with third parties only if there is a legal basis for doing so, in particular if:

● We have received your consent to do so
● It is necessary to do so for the purposes of achieving our legitimate business interest
● It is necessary to do so for the purposes of fulfilling the terms of a contract we have with you
● We are legally obliged to do so
● This will help us investigate, prevent and/or take action against potential policy violations and/or illegal activities of any kind

The categories of third parties that we may share information with may include:

● Advertisement and marketing networks and services
● Storage and cloud computing services
● Monitoring and analytics services
● Communication and collaboration services
● Finance and accounting services
● Product development tools
● Government entities
● Sales services
● Social networks
● Order fulfillment services
● Website hosting services
● User management services
● Server, software, telemetric and telematic providers
● Insurance companies
● Notaries, lawyers, private enforcement agents, and others, for the purpose of executing our Terms and Conditions and protecting our assets and legitimate business interests. We reserve the right to disclose and / or share anonymous and aggregated data based on information related to the personal data of individual users, without this data being personally identifiable. For example, we may share statistics publicly to present trends of the overall use of our Services.

5. Use of cookies and similar technologies

We use cookies and similar technologies on our website for the purpose of accessing or storing information. You can find more information in our Cookies Policy here: link

6. Third-party websites

You may see information about third-party websites that are not affiliated with us on our website. This information may include advertisements, linking to other websites, applications, or online services. We are not responsible for any information collected or stored by these third-party websites and services and any damage caused by them. You should always contact them in cases of privacy violations or when you require additional information and/or assistance.

7. Data storage period

We will keep your data until we need it for Service provisions. However, data may be stored even after the termination of a contract between you and Cyrcl for the purposes of contractual and legal compliance.

The data storage period is no longer than 5 (five) years after the date of contract and/or account termination. In case of administrative or court proceedings by or against a client, all data is stored for a period of 5 (five) years from the issuance of a final court decision or payment of the debt.

8. Data security

We are committed to keeping your data safe by employing a number of organizational and technical security measures. These include, but are not limited to, the use of recognized encryption procedures (e.g. SSL, TSL, and others), limited access to data only to authorized and trained staff, data protection policy and security procedures, which are regularly reviewed and modified if necessary.

9. Your rights

The EU General Data Protection Regulation gives you certain rights that allow you to access and control the data you give us access to. These rights include:

● requesting information and access to your personal data. This includes the categories of data we store and process, the categories of recipients and third-parties with whom your data will or may be shared, the right to ask us to erase or edit your data, and the planned period for which we will store your data, among others.
● lodging a complaint to the regulatory bodies
● requesting erasure or restriction of the processing of your data (after agreeing that this may decrease the quality of our Services or restrict you from using these Services in general)
● requesting additional information on the purposes and storage method of your data at info@cyrcl.eu.
● withdrawing your consent

10. Data review, modification, and deletion

Based on the GDPR laws in the European Union or the applicable laws in your country (for countries outside the European Union) you may have the right to request review of the information we collect about you and the ways we protect it. You may also have the right to request deletion of this data after agreeing that this may decrease the quality of our Services or restrict you from using these Services in general. To request review, modification, and/or deletion of your data, please email us at info@cyrcl.eu.

11. Privacy policy updates

We will update this Privacy Policy with the purpose of improving the quality of our Services and staying compliant with international and national laws. You can check the date of this Privacy Policy at the top of this page. We encourage you to check this Policy regularly in order to stay updated with the ways we process and protect your data.