Confidentiality and Services Policy

(Revised version as of 17/08/2023)

 

1)Who are we?

This privacy policy is issued on behalf of the Intermunicipal Community of Médio Tejo, the promoting entity of the Médio Tejo shared bicycles project, with headquarters located at Convento de São Francisco – Av. General Bernardo Faria, in the municipality of Tomar.

The shared electric bicycle solution in Médio Tejo, named meioB, is managed by the company CME – Construção e Manutenção Electromecânica, S.A., which handles the management and maintenance of the system.

meioB respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we handle your personal data when you use our mobile app or our bicycles. Additionally, it will highlight your privacy rights and how the law protects them. Our services are not intended for children under the age of 16, and we do not knowingly collect data about children. Details are specified in our GENERAL TERMS OF ACCESS AND SERVICE USAGE (TGAUS).

We regularly review our privacy policy, and therefore, we invite you to regularly check this web page or through the app. It is important that the personal data you provide to us is accurate and up-to-date. If your personal data needs to be changed during your relationship with us, please inform us through the app or by email at the following address: geral@cimt.pt.

 

2)What data can we collect?

The term ‘Personal Data’ means any information relating to an identified or identifiable natural person that can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, etc…

We may collect, use, store, and transfer different types of personal data about you (i.e., any information that identifies you directly or indirectly) grouped as follows:

  • Identity and contact details: includes personal name, surname, username, password, email address, phone numbers, and other similar identifiers.
  • Financial and transactional data: includes certain information related to bank account and payment card, as well as any information about payments you make and any other details related to purchased services and similar details. Please note that we do not store your complete payment card information. This information is stored by our approved third-party payment partner for that purpose.
  • Technical and Usage Data: includes information about how you use our App and Bicycles (including trip history and location), the type and version of the mobile operating system used.
  • Profile Data: includes selected services and subscriptions.

If permission for the collection of personal data is not granted or personal data is not provided in accordance with our General Terms and Conditions, we may not be able to ensure compliance with the GENERAL TERMS OF ACCESS AND SERVICE USAGE (TGAUS). In this case, the use of the App may be denied.

 

3)How and why do we collect this data?

When creating an account in the App, you provide the requested information, and as a User, you agree to the collection and processing of your Personal Data by the Company or any designated service provider, in accordance with all applicable regulations on the protection of personal data, especially the provisions of General Data Protection Regulation No. 679/2016 of April 27, 2016 (GDPR). The Company is the controller of the Personal Data collected as part of the Services. In any case, the Company commits to comply with the current laws and regulations related to privacy protection.

The Personal Data collected by the Company is strictly necessary for the management and execution of the Services (billing, payment, bike access, customer service, trips, etc.). You have the option to track your trips with the App or not: the request is explicitly made in a dedicated window. If you choose “yes” to this request, the App traces the location in the background to give you access to trip tracking and statistics. If you choose “no,” the location will not be indicated in the background. This feature is only used during the trip.

In this context, as a User, you agree that certain information collected about you may be processed in a country outside the European Union, with the Company striving to take appropriate measures to maintain an optimal level of confidentiality and security of your Personal Data. This includes requiring all its subcontractors and service providers to implement any suitable technical and organizational measures continuously to ensure the security of this Personal Data and to guarantee the same level of protection required by Portuguese and EU regulations on personal data.

You agree that this Personal Data may be stored, processed, and transferred by the Company to its subcontractors or service providers for the aforementioned purposes, which they can only access in accordance with the current legal and regulatory provisions.

The collected Personal Data also allows the Company to inform you about promotional offers or new services.

 

 4)How long will we use your personal data?

We will retain your personal data only for a reasonably necessary period to fulfill the purposes for which we collected them, including for compliance with any legal, regulatory, tax, accounting, or accountability requirements. We may retain your personal data for a longer period in the case of a complaint or if we reasonably believe there is a risk of a dispute arising in the course of our business relationship. To determine the appropriate retention period for personal data, we take into account the quantity, nature, and sensitivity of the data in question, the risks of harm in the event of unauthorized use or disclosure of your personal data, the purposes for which we process them, whether we can achieve those purposes by other means, and the requirement of applicable legal, regulatory, tax, accounting, or other requirements.

In certain situations, we will irreversibly anonymize your personal data (so that it does not allow you to be identified) for analysis purposes, as well as for statistical purposes, in which case this policy will cease to apply, and we may use this data indefinitely without notice. Please note that we are legally obligated to retain basic information about our customers for seven years after they cease to be customers for tax purposes.

 

 5)Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Additionally, we limit access to your personal data to our employees, representatives, subcontractors, and other third parties who need to know them for the purpose of performing their functions. The latter will only process your personal data according to our instructions and will be subject to a confidentiality obligation. We have procedures in place to deal with any suspected personal data breach, and we will notify you, as well as any relevant regulatory authority, in the event of a breach if we are legally required to do so.

 

6)What are your legal rights?

At meioB, we are committed to respecting the legal rights that our customers have in terms of data protection. If you send us a request regarding your rights under data protection legislation, we will respond within one month from the date of receipt and will try to fulfill that request within the same period. In more complex cases, this period may be extended by a maximum of two months.

According to the current legislation, as a User, you have the right of access, rectification, erasure, objection, and portability of personal data concerning you, as well as the right to limit the processing that the Company performs regarding this Personal Data. You can exercise these rights:

  • By email to: geral@cimt.pt
  • By phone: +351 249 730 060
  • Regarding the personal information that the Company processes about you, you can exercise the following rights:
  • Right to be informed
  • Right of access (to this information)
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to complain to the data protection authority
  • Right to withdraw your consent

For all the information about your mandatory rights, please consult the page of the data protection authority:

Comissão Nacional de Proteção de Dados – https://www.cnpd.pt/