Privacy Policy

Purpose and Data Controller

The data controller for the personal data of users of the Ontinyent public electric bicycle service is:

Ajuntament d'Ontinyent (Ontinyent City Council) Tax ID: P4618600C Address: Plaça Major 1, 46870 Ontinyent (Spain) Phone: +34 962 918 200 Data Protection Officer (DPO): dpd@ontinyent.es

The operational provision of the service is carried out by Cooltra City Services S.L. (Tax ID: B67202036, address: Passeig del Mare Nostrum, 15, 08039 Barcelona (Spain), Email: ontibici@cooltra.com), acting as data processor, processing data on behalf of the City Council and in accordance with its instructions, pursuant to Article 28 of the GDPR. Certain municipal departments may access data within the framework of service management, under the responsibility of the City Council.

Data Processing When Using the Website and App

Access to the service's digital channels (website or app) can generally be made without providing personal data. However, to access the bicycle service it will be necessary to provide the data essential for its provision. No personal data is collected without the user's knowledge, nor is it shared with third parties outside the cases provided for in this policy. For the purpose of service improvement, statistical usage data (such as number of visits or use of features) may be analysed in an aggregated and anonymised form.

Use of Cookies

The service's digital channels may use:

  • Own technical cookies, necessary for the operation of the service
  • Where applicable, analytical cookies, always in an aggregated form and without identifying individual users

The user may configure their browser to accept or reject cookies.

What Personal Data Do We Process?

Within the framework of the service, the following categories of data may be processed:

  • Identification data
  • Contact data
  • Administrative data (for verification of requirements or discounts)
  • Financial and payment data
  • Service usage data
  • Data relating to incidents, sanctions or complaints
  • Images or documentation provided by the user
  • Location data (see section 6)

Purpose of Processing

Data is processed in order to:

  • Manage registration and use of the service
  • Formalise rental agreements
  • Manage payments, deposits and insurance
  • Verify requirements and discounts
  • Handle enquiries and incidents
  • Ensure correct use of the service and security
  • Comply with legal obligations
  • Produce aggregated and anonymised statistics

Use of Technological Systems and Location Data

Bicycles may incorporate geolocation systems (GPS) for operational and security purposes.

  • During use: location tracked more frequently
  • At rest: location tracked less frequently

Access to information:

  • Users can check the location via the app
  • Authorised staff access approximate data
  • Access to precise data is exceptional, justified and logged

Under no circumstances is continuous tracking of the user carried out.

Legal Basis for Processing

Processing is based on:

  • Public interest mission (Art. 6.1.e GDPR)
  • Performance of a contract (Art. 6.1.b GDPR)
  • Compliance with legal obligations (Art. 6.1.c GDPR)
  • Legitimate interest (Art. 6.1.f GDPR), for security and fraud prevention

Data Sharing

Data may be shared with:

  • The service operator
  • Technology providers (data processors)
  • Insurance companies
  • Financial institutions
  • Public administrations and competent authorities

No data will be shared for commercial purposes unrelated to the service.

International Transfers

If transfers outside the EEA take place, they will be carried out with the legal safeguards required by the GDPR.

Data Retention

Data will be retained:

  • For the duration of the service provision
  • For the applicable legal retention periods

In particular:

  • Contractual and payment data: in accordance with applicable regulations
  • Location data
  • Anonymised data: for longer periods

Collection of Data from Minors

Use of the service is not permitted for persons under 14 years of age. For persons between 14 and 18 years of age, authorisation may be required in accordance with applicable regulations.

User Rights

Users may exercise the following rights:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Portability

The exercise of certain rights may be limited while processing is necessary for the provision of the service, compliance with legal obligations, or the management of liabilities.

Requests may be addressed to: Ajuntament d'Ontinyent (Ontinyent City Council) Email: dpd@ontinyent.es

If a request is submitted to the operator, it will be forwarded to the City Council without undue delay. Users also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

Data Security

Technical and organisational measures have been adopted to ensure:

  • Confidentiality
  • Integrity
  • Availability of data

Images and Content

If images connected to the service are published in which a person is identifiable, they may request their removal at: dpd@ontinyent.es

Third-Party Links

The service's channels may include links to third-party websites, which have their own privacy policies.

Social Media

The service's presence on social media will be governed by the policies of each platform. The City Council will not process personal data directly in these environments.

Updates

This policy may be updated to reflect regulatory or service changes.