Privacy Policy

Bike and Go is committed to protecting and respecting your privacy when you use our services. We want you to be confident that your data is safe and secure, that you understand how we collect it, use it and protect your personal data. Our privacy notice below sets out our approach to this;

 

PRIVACY NOTICE

 

INTRODUCTION

Bike and Go is committed to protecting and respecting your privacy when you use our services. We want you to be confident that your data is safe and secure, that you understand how we collect it, use it and protect your personal data.

The data controller is Merseyrail Electrics 2002 Limited (referred to in this policy as “we” or “us”).

We are committed to doing the right thing when it comes to your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which

  • Sets out the types of personal data that we collect

  • Explains How and Why we collect and use that information;

  • Explains when and why we will share personal data within our group of companies

  • How we keep information secure; and

  • Explains the rights and choices you have when it comes to your personal

 

CONTENTS

  • Information we may collect from you

  • How and why we use your information

  • Sharing or disclosure of your information

  • Types of information we collect

  • Website visits and purchases

  • Children’s data

  • Where we store your personal information

  • Information Security

  • Your rights

  • Complaints

  • How long we keep your data for

  • Changes to this Privacy Policy

     

 

 

 

For the purposes of the EU GDPR (2016/679), the data controller is:

Merseyrail Electrics (2002) Limited

9th Floor, Rail House

Lord Nelson Street

Liverpool

L1 1JF

 

Our Data Protection Manager (DPM) is:

Helen Hodgkinson

9th Floor, Rail House

Lord Nelson Street

Liverpool

L1 1JF

[email protected]

 

Our nominated Data Protection Officer (DPO) is:

Sheryl Campbell

Abellio UK HQ

5th Floor, The Culzean Building

36 Renfield St

Glasgow

G2 1LU

[email protected]

 

More information about the General Data Protection Regulation and all related and subordinate legislation as amended or re-enacted from time to time can be found on the Information Commissioners website https://ico.org.uk/

The Information Commissioner is our regulator for data protection matters.

 

INFORMATION WE MAY COLLECT FORM YOU

We may collect and process information about you when you:

  • Visit our website;

Please see the Cookies section below for more information,

 

  • Register for the scheme;

When you freely choose to register with our Bike and Go scheme, we will ask you to provide your email addresses and other personally identifiable information such as first and last name, home or other physical address, telephone number, payment information and other similar information.

  • Register for marketing communications;

On registering with our Bike and Go scheme, we will ask if you would also like to receive marketing communication.  Your decision on this will not impact your eligibility to register for the scheme and you will be offered a separate consent option for any marketing activity.

 

HOW AND WHY WE USE YOUR INFORMATION

We will only use the information you provide as permitted by Data Protection Law (DPL). Our reason(s) for using your data will vary depending on: how you contact us, use our services, the consent you have given, our legitimate interests, or any legal obligations we may have. Reasons for use of your data include:

  • To provide you with the service - things like carrying out our obligations arising from our contract with you – renting you a bike, making and taking payments.  We mostly rely on the legal grounds of contractual performance to process your data, but sometimes the data is also used for our legitimate interests of customer service and improving our services.

  • To provide you with details of our services, information about the scheme and customer service – this is based on our legitimate interests, to run Bike and Go services.

  • To provide you with details of promotions and offers which we feel may interest you – this is based on your freely given consent for us to contact you for marketing purposes.  You have an absolute right to ask us to stop sending marketing emails.

  • To run our services and improve them – Website information and rental information is aggregated to measure the number of visits, average time spent on the site, pages viewed, etc. Bike & Go use this information to measure the use of our Site and to improve the content of our Site.  We have also provided further information on our use of cookies in the section ‘TYPES OF INFORMATION WE COLLECT’ below.

  • To run competitions – this is based on your freely given consent for us to contact you for promotional purposes.  You have an absolute right to withdraw such consent at any time.

  • We are part of a Group of Companies and share administrative services and support. Your data may therefore be shared with other Group companies where appropriate, in accordance with our legitimate business interests.We also have a legal obligation to pass certain customer data to successor franchisees/concessionaires, Secretary of State, Department for Transport and Merseytravel.

 

Our Legitimate Interests comprise:

  • Running our business and Group businesses, in a safe and socially and environmentally responsible manner;

  • Providing a sustainable and high quality bike rental scheme;

  • Improving and expanding our bike rental and other commercial services that we offer, and our associated levels of customer service;

  • Operating with financial discipline, reducing economic crime and providing maximum shareholder value;

  • Operating with financial discipline to provide shareholder value and improve customer services; and

  • Taking appropriate steps to help ensure the safety, security and well-being of our customers, employees, suppliers and any other relevant third parties

 

SHARING OR DISCLOSURE OF YOUR INFORMATION

We will only share or disclose your information as set out in this Policy or in accordance with DPL and will obtain your consent where we are required to do so.  We will only use third parties to process information where we are satisfied that they comply with these standards and can keep your data secure.

We may share or disclose information for the following reasons:

  • We use data processors to provide or assist with some of our services, for example, the processing of payments. Where we do so, they must agree to strict contractual terms and to keep your data secure;

  • To respond to your complaints or administer requests you have made, either to us or another regulatory body such as the Department for Transport, Transport Focus the Rail Complaints Ombudsman or other Train Operating Companies (TOCs);

  • To process payment card transactions.Your card data is shared with our several payment and banking service partners, as necessary to complete your transaction with us.

  • To comply with requests from the British Transport Police under an Information Sharing Protocol, ensuring that any disclosure is lawful;

  • To comply with the police or other law enforcement agencies for the purposes of crime prevention or detection.These are dealt with on a case-by-case basis, under a specific Information Sharing Protocol, to ensure that any disclosure is lawful;

  • To comply with other legal obligations for example, relating to crime and taxation purposes or regulatory activity;

  • To protect our legitimate business interests, as outlined above;

  • Where required because of the sale, merger, or acquisition of business assets.As the Railway Industry is run on a system of franchises/concessions, we are required to transfer our customer data to a successor franchise/concession, the Secretary of State, or Merseytravel.This is so that they can take over and continue the running of the railway service;

  • In respect of information provided to us for marketing purposes only (including freely given consent), to the Department for Transport, Merseytravel and/or any successor operator of the rail franchise/concession in order that they may contact you for marketing purposes in the event that we cease to operate this rail franchise/concession;

  • If you have agreed (via freely given consent) to receive information for competition, promotion, survey or research purposes, we may share your contact details with a limited number of parties, but only for the reasons you have agreed to in the terms and conditions of the purpose;

  • Where you have consented, to share with other members of our corporate owning groups in respect of any services, promotions and offers which we feel may interest you. Details of other members of Abellio can be found here, and further information regarding Serco’s various divisions and operations can be found here – Serco Group and Serco UK & Europe; and

  • If we share data across our Group companies, we will only do this in accordance with a written data sharing agreement.

 

TYPES OF INFORMATION WE COLLECT

WEBSITE VISITS AND PURCHASES

This section shows the information we collect when you use our website. Before providing us with your details, please read the following important information regarding:

  • Collection of visitor information;

  • Hyperlinks; and

  • Cookies

Bike and Go gathers general information about users, for example, what services users access the most and which areas of the website are most frequently visited.  Such data is used in aggregate to help us to understand how the Site is used.  We gather this information so that we can continue to improve and develop our services to the benefit of our users.  We may make this aggregated information available to users of the Bike & Go website and to auditors.  These statistics are anonymous and contain no personal information and cannot be used to gather such information.

When you register with Bike and Go or enter a competition, we ask for personal information such as your name, contact details, payment details and other details.  Once you register with Bike and Go and accept our Terms & Conditions, you are not anonymous to us.  We may use information that you provide to alert you to our own products and services.  We may contact you regarding site changes or changes to the Bike and Go products or services that you use.

Your personal data will be used principally to communicate with you with reference to your use of the Bike and Go product.

You may opt-in to receive newsletters, exclusive discounts, special offers and other marketing emails from Bike and Go when you register.  You may unsubscribe at any time by logging into your account at on the website or by emailing us via [email protected]. We will update your preferences as soon as possible.

Hyperlinks

We may provide hyperlinks from the Site to third party websites.  No liability is accepted for the contents of any site operated by a third party which may be accessed via links from the Site.  These links are provided for your convenience only and do not imply that Bike and Go approves or recommends the content of such sites.  We encourage our users to be aware when they leave the Site to read the privacy statements of each and every website that collects personal data.  This Privacy Policy applies solely to information collected by Bike and Go.

Cookies

Cookies are tiny files that are automatically stored on your computer, tablet, mobile or other digital device whenever you visit a website.

We use a number of Cookies on our site which are designed to improve your experience. The Cookies we use, which cannot harm your device in anyway, are listed in the table below.

Name

Details

Expiry

_utma

Google Analytics uses this cookie to record the number of unique visitors to our site and the frequency of views each webpage obtains

730 days

_utmb

Google Analytics uses _utmb to establish interaction within our site. The cookie will expire if you spend longer than 30 minutes on a page without navigating to another

30 minutes

_utmc

Previously used by Google Analytics Java Script to define a session status

End of session

 

Access to the database containing personal information on registered users of the site is restricted. In addition, we encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet.  SSL is certified by Verisign and is recognised as a secure way to pay on-line.  As you may be aware, no data transmission over the Internet can be entirely secure.  As a result, while we will always use reasonable endeavours to protect the personal information you provide to us, we cannot guarantee the security of your information and the use of our facilities (e.g. e-mail) is at your own risk.  If you have any questions about paying for your bike rental through the Site, please email us at [email protected].

 

CHILDREN’S DATA

We do not routinely process children’s data.  In the rare instances that we do, however, we may be required to gain consent from a parent or guardian to process the child’s data. It is our policy that visitors to our Site who are under the age of 18 should not post or provide information on our Site without the consent of their parents or legal guardians. You should supervise the online activities of your children, and consider the use of parental control tools available from online services and software providers that help provide a child friendly Internet environment.

 

WHERE WE STORE YOUR PERSONAL INFORMATION

The information that we collect from you will only be stored in the European Economic Area (“EEA”) or, where it is necessary to disclose it to our processors located outside the EEA, other jurisdictions which are acceptable according to guidance provided by the Information Commissioner and/or where appropriate legal and security safeguards are in place.  Please contact our Data Protection Manager (see Page 2 for details) if you wish to find out more about the safeguards.

 

INFORMATION SECURITY

We use a range of appropriate technical and organisational measures to safeguard access to and use of, your personal information and to ensure it retains its integrity and availability.  These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training.  We also consider anonymising or pseudonymising personal data where practical.

 

YOUR RIGHTS

Unless stated otherwise, we will aim to satisfy your instruction, or inform you as to why we are unable to, without undue delay and within 1 month of receiving your requests.  If we anticipate that we will not meet with this timeframe we will let you know within 1 month and explain what the problem is.

If you wish to take up any of your rights as set out below, please contact our Data Protection Manager (as detailed on Page 2).

 

RIGHT TO OBJECT TO DIRECT MARKETING

To prevent marketing to you, you have the right to ask us not to process your personal information for marketing purposes.  We will usually inform you before collecting your information if we intend to use or disclose it for such purposes.  If you do not want us to use your information for marketing purposes either change your preferences by logging into your account on our website or email us via [email protected]Please note changes to your subscription preferences will be made as soon as possible.

 

RIGHT TO BE INFORMED AND RIGHT OF ACCESS

You have the right to be told what information we hold about you.  You are also able to request a copy of your personal information.  We may need to ask for some further information, such as checking who you are.  Please let us know in what format you wish to receive your information. 

You can download our Data Subject Access Request Form here: Variant B (if you represent a law enforcement agency) or Variant A (for all other applications).  You should then print, complete and return the relevant form to us at the address provided on the form. This will help us deal with your request more efficiently.  Alternatively, you may contact our Data Protection Manager (using the details provided on Page 2).

Sometimes we may hold information that we don’t have to provide, for example it would prejudice a police investigation or if the disclosure would cause harm to another person whose personal data is inseparable from your data.

In most cases we provide the copy of your data to you for free, although you may be charged in some instances.  Please see ‘HOW WE DEAL WITH RIGHTS REQUESTS’ below for further detail.

 

RIGHT OF RECTIFICATION and RIGHT OF RESTRICTION

If you believe that the information we hold about you is inaccurate or incomplete you can contact us and ask us to correct it.  You may also request that any processing we are carrying out on your data is halted whilst a request for rectification, objection or a dispute over the lawfulness of processing is being considered. We will provide a response confirming the action we have taken or disagree with taking.

 

RIGHT OF ERASURE

This is also known as the “Right to be forgotten”.  You can request deletion or removal of personal information in some circumstances, such as where there is no compelling reason for its continued processing.  We will also take reasonable steps to notify third parties of your instruction and request that they act upon it, in a similar manner.

 

WITHDRAWAL OF CONSENT

Where you have consented to receive direct marketing communications, you can withdraw your agreement at any time, either by logging in and changing your preferences on our website or emailing us via [email protected]Please note changes to your subscription will be made as soon as possible.

 

 

AUTOMATED DECISION MAKING

The GDPR sets out several obligations and restrictions in respect of any automated decision making.  However, Bike and Go does not conduct any automated decision-making activities.

 

PORTABILITY

Where you have provided us with personal data, the reasons we are processing it are based on consent or our contract with you, and the processing is automated, then you have a right to ask for that information be provided to you or another data controller in a structured, commonly used and machine-readable format. The right may be restricted if it is not practical for us to provide the information in this way or it adversely affects the rights of others.

 

HOW WE DEAL WITH RIGHTS REQUESTS

In line with the EU GDPR, we will not charge you a fee for dealing with rights requests, unless they are manifestly unfounded or excessive or in circumstances where copies have been provided previously. We would always let you know if we thought this was the case, so that you can make a decision about what you wanted to do next.

There are various limitations and exemptions in relation to the exercise of rights in DPL - for example if it would affect another’s rights and freedoms or if we need to retain the information to make or defend a legal claim.  We intend only to rely on limitations and exemptions where it is fair to do so and always bearing in mind that it is your personal data.

 

COMPLAINTS

If you are not happy with the way in which we deal with your data or have dealt with a rights request, then please us know.  Our Data Protection Manager role has been established in a manner to remain independent of business decisions, and is the first point of contact for dealing with rights requests and complaints.

Our Data Protection Manager (DPM) is:

Helen Hodgkinson

9th Floor, Rail House

Lord Nelson Street

Liverpool

L1 1JF

[email protected]

If you are not satisfied with the way in which our DPM has handled your complaint or rights request then you can contact our Group Data Protection Officer (below):

 

 

Sheryl Campbell

Abellio UK HQ

5th Floor, The Culzean Building

36 Renfield St

Glasgow

G2 1LU

[email protected]

 

If you are not satisfied with our DPO’s response you can complain to the ICO. Their contact details are:

Head office

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Fax: 01625 524 510

https://ico.org.uk/global/contact-us/

 

HOW LONG WE KEEP YOUR PERSONAL DATA FOR?

We’ll store your information for as long as we have to by law or regulatory requirement. If there’s no legal or regulatory requirement, we’ll only store it for as long as we need it, in line with our data retention policy.

We’ll also keep some personal information for a reasonable period after your last contact with us – just in case you decide to use our services again.  We, or one of our partners, may contact you about our services during this time if you haven’t opted out of receiving marketing communications from us.

We may also keep your personal data for the purposes of our legitimate interests in running our Group businesses, including anonymising or pseudonymising data for analysis. 

 

CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time.  The most current version of this policy will govern use of your information and will always be at https://www.bikeandgo.co.uk/privacy-policy/.  By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

This Policy was last updated on 31/05/2018.