We ensure the protection of your personal data
The Communauté d’Agglomération de l’Auxerrois, whose address is 6 bis place Maréchal Leclerc, building 58, 89010 Auxerre, France (“we”, “us” or “our”), is committed to respecting privacy and applicable data protection laws with regard to users (“you”, “your”) of the service (the “Service”, as defined more specifically in the section “Definitions”).
This privacy statement (the “Statement”) describes our methods for collecting and using personal data in connection with your use of the Service, the website (the “Website”), and your interactions with us and with the Operator, Fifteen, a simplified joint-stock company (SAS) with a share capital of €1,815,772, whose registered office is located at 8 Rue Henri Mayer, 92120 Issy-Les-Moulineaux, registered with the Lyon Trade and Companies Register under number 505 280 727, to whom we subcontract the processing of personal data within the meaning of European legislation.
The software on your device may access your information. Our products or services may contain links to other websites operated by companies that have their own privacy notices. We therefore recommend that you read their privacy notices carefully.
This Statement applies only to the Service and the Website.
You are not required to provide us with your personal data. However, if you choose not to provide it, we may not be able to provide you with our products or services, all of their features, or respond to your inquiries.
Definitions
“We”, “us” or “our”: refers to the Communauté d’Agglomération de l’Auxerrois and Fifteen as identified at the beginning of this Statement.
“Service”: refers to the electric bike sharing service offered by the Communauté d’Agglomération de l’Auxerrois, as defined in the Terms and Conditions of Use of the AuxR_M le vélo Service, to which said service is subject and which form an indivisible whole with this Statement.
“AuxR_M le vélo”: commercial operating brand of the Communauté d’Agglomération de l’Auxerrois.
“Application”: refers to the free downloadable program that can be executed from the operating system (iOS or Android) of a smartphone or tablet. It allows any user of the Service to find a nearby bike, unlock it, follow a cyclist-friendly route, view the number of kilometers traveled, subscribe to the Service, contact Customer Service, and report an incident.
What information do we collect?
We collect your personal data and other information when you complete various online forms as part of your use of the Service and the Website, or when you respond to questions communicated by email, by phone, via the AuxR_M le vélo application (the “Application”), or by any other means of communication, and when you participate in a campaign or survey or interact with us. This includes the following cases:
Our applications may regularly contact our servers, for example to check for updates or to send us information regarding your use of our services. In addition, we may invite you to voluntarily join service improvement or research programs in which we collect detailed information such as your socio-professional category, gender, or usage of our services.
Information you provide to us: when you create an account, use the Service, request our services, participate in campaigns or surveys, or interact with us, we may request information such as your name, email address, phone number, postal address, usernames and passwords, comments, device-related information, age, gender, language.
We will also store your consents, preferences and settings, for example regarding location data, marketing, and the sharing of personal data.
Your transactions with us: we keep records of your purchases, downloads, content you provided to us, requests, agreements between you and us, products and services offered to you, payment and delivery details, as well as your interactions with us. In accordance with applicable law, we may record your communications with our customer service or any other point of contact.
Positioning and location data: location services determine your location using satellite, mobile, Wi-Fi or other network-based positioning methods. These technologies may involve sharing your location data and your mobile unique identifier number, Wi-Fi identifiers or other network identifiers with us. Our products may operate with different platforms, applications and services which may in turn collect your positioning data. We do not use this information to personally identify you without your consent.
Your email address: we may process your email address if you have provided it via our Website. We also collect personal data through cookies and trackers on our Website and the Application.
Why do we process your personal data?
We may process your personal data to meet various needs:
Providing the Service: we may use your personal data to provide the Service, maintain it, process your requests, and more generally to perform the contract between you and us, to ensure the functionality and security of our products and services, including the Service, to identify you in order to provide the Service, and to prevent fraud and other malicious uses or investigate them.
Communicating with you: we may use your personal data to communicate with you, for example to inform you that our services have changed, to send you alerts regarding our products and/or services, to conduct a survey, and to contact you through our customer service.
Marketing, advertising and recommendations: we may contact you to inform you about new products or services or promotions that may be offered to you, after obtaining your consent, or if permitted to do so.
Anonymized statistics: we may aggregate the GPS data of all users to provide statistics on travel habits, which may be shared with our partners. Such aggregated data will be anonymized in accordance with applicable personal data protection regulations.
We use your personal data with your consent or when necessary for the proper performance of the contractual relationship between us. We may also use your personal data when required by law or by our legitimate interest, for example to protect our customers, ensure the security of our products and services, and protect our rights and property.
Do we share your personal data?
We do not sell, rent or disclose your personal data to third parties except in the cases mentioned below.
Your consent and social media buttons: we may share your personal data if you have given your consent. Some of our products and services may allow you to share your personal data with social networks. We encourage you to remain vigilant and to consult the privacy policies of these social networks to understand what information is collected and how it is used, particularly for advertising purposes.
Authorized third parties: we may share your personal data with authorized third parties processing personal data for AuxR_M le vélo as described in this Statement. This may include, for example, billing by your network operator, or delivery of personal batteries, by providing services such as customer service, consumer data management and analysis, surveys, business management, or other services.
We may conduct marketing campaigns and other communications in collaboration with our authorized third-party partners. In order to avoid duplicate and unnecessary communications and to send you messages tailored to your needs, we may need to match the data collected by AuxR_M le vélo with that collected by the partner where permitted by law.
These third parties authorized by the Communauté d’Agglomération de l’Auxerrois are not permitted to use your personal data for any purpose. We require them to act in accordance with this Statement and applicable personal data protection regulations and to implement appropriate security measures to protect your personal data.
International transfers of personal data: our products and services may be provided using resources and servers located in various countries worldwide. Your personal data may therefore be transferred across borders outside the country where you use our services, including countries outside the European Union that do not have laws providing specific protection for personal data, or that have different data protection laws. In such cases, we take measures to ensure adequate protection for your personal data in accordance with applicable law, using agreements approved by relevant authorities (e.g. the European Commission) and requiring appropriate technical and organizational security measures.
Mandatory disclosures: we may be legally required to disclose your personal data to certain authorities or other third parties, for example law enforcement authorities in countries where we, or third parties acting on our behalf, operate. We may also disclose and process your personal data in accordance with applicable law to defend our legitimate interests, for example in the event of civil or criminal legal proceedings.
Mergers and acquisitions: if we decide to sell, buy, merge or reorganize our business in certain countries, this may involve disclosing personal data to potential or actual buyers and their advisers, or receiving personal data from sellers and their advisers.
How do we ensure data quality?
We take all reasonable measures to ensure that the personal data we hold is up to date and to delete personal data that is inaccurate or no longer necessary. We will retain your personal data only as long as necessary to fulfill the purposes described in this Statement or otherwise communicated to you, unless a longer retention period is required by law.
We encourage you to access your account from time to time to review your personal data in order to help us keep it up to date.
What measures are taken to protect your personal data?
Privacy and security are of critical importance in the way we create and provide our products and services. We have assigned specific responsibilities to address security and privacy issues. We enforce our internal policies and guidelines through appropriate activities, including proactive and reactive risk management, security and privacy engineering, training and assessments.
We take appropriate measures to address online security risks, physical security risks, data loss and other risks, taking into account the risks represented by the processing and the nature of the data being protected. We also restrict access to our databases containing personal data to authorized personnel with a justified need to access such information.
How do we use cookies?
A “cookie” is a small text file containing data that is stored on a device (computer, tablet, smartphone, etc.) when you browse a website. We use cookies, web beacons and other similar technologies to operate and improve our Website and our Application.
Below is a list of the cookies we use:
| Name | Purpose | Lifespan | Domain / Platform |
|---|---|---|---|
| Session | Keeps the user logged into their account to ensure authenticated and secure browsing | 7 days | auxrmlevelo.com |
| Locale | Manages the visitor’s preferred language | 12 months | auxrmlevelo.com |
| Stripe | Fraud prevention | 12 months | auxrmlevelo.com |
How can you manage/delete these cookies?
All major internet browsers allow you to manage cookies stored on your computer or mobile device.
If you do not want our Website to place cookies on your computer or mobile device, you can easily restrict or delete them by adjusting your browser or mobile device settings. In addition, you can set your computer or mobile device to notify you each time you receive a cookie so that you can decide whether to accept it.
We notify all new users with a banner specifying that cookies are used on our website. You may accept or refuse them at that time. You can reset your choice at any time by clicking here. The cookie consent banner will be displayed again at the next connection.
What are your rights?
You have the following rights regarding the personal data we process about you:
Access: you have the right to know what personal data we hold about you and to obtain a copy of it.
Data portability: subject to applicable law, you have the right to obtain the personal data you provided to us in a machine-readable format.
Rectification: you have the right to request that any incomplete, inaccurate or outdated personal data concerning you be corrected.
Erasure: you have the right to request the deletion of your personal data when it is no longer necessary for the purpose, if you have withdrawn your consent to processing, or objected to it in accordance with personal data protection regulations, if the processing is unlawful, or if required by an applicable legal obligation.
Withdrawal of consent: you have the right to withdraw the authorization you have given us to use your personal data.
Objection: you have the right to object to the processing of personal data where such processing is based on the performance of a task carried out in the public interest or in the exercise of official authority, or on a legitimate interest pursued by us, for reasons relating to your particular situation. You may also object at any time to processing carried out for direct marketing purposes.
Restriction: you have the right to request restriction of the processing of personal data where you contest the accuracy of your personal data being processed, if the processing is unlawful and you oppose the deletion of your personal data, if you consider it useful, or if you have objected to the processing while we verify the legitimacy of our interests.
Post-mortem directives: you also have the right to define instructions regarding the retention, deletion and communication of your personal data after your death.
If you wish to exercise any of your rights, you may inform us by contacting us at the contact email address. If you are still not satisfied, you also have the right to lodge a complaint with a competent supervisory authority, namely in France, the Commission Nationale de l’Informatique et des Libertés (CNIL).
How long do we keep your personal data?
Your data will be retained for a period not exceeding what is necessary to fulfill the purposes set out in this Statement.
If your data is no longer necessary for the purposes set out in this Statement, it will be regularly deleted or anonymized unless it must be retained longer:
to ensure compliance with legal, accounting and tax retention obligations: 10 years;
for evidence retention within applicable limitation periods: 5 years;
for marketing purposes: 3 years from the end of our contractual relationship with you or from our last contact with you.
Furthermore, if we note that your user account has not been used for more than 2 years, we will delete your personal data.
What access permissions are required by the Application?
You must grant the following permissions to the Application to allow us to collect the data necessary for your registration and your use of the AuxR_M le vélo Service:
Camera: required to scan the QR code identifying the bike.
Location: required to locate you on the map (MapBox), show the location of nearby bikes and how to reach them.
Bluetooth: required to establish and maintain the connection between the user's phone and the bike, allowing proper use of the AuxR_M le vélo Service.
Amendments to the Statement
We reserve the right to amend this Statement at any time, with or without notice. However, if our Statement is modified, you will be notified by email so that you may review the changes.
Contact
If you have any questions or requests regarding this Statement or more generally about how we process your data, you may contact us at the following email address: dpo@auxerre.com.