The privacy policy of the MEVO Metropolitan Bike System (SRM MEVO) is intended to provide users of SRM MEVO with the information required in art. 13 and 14 of the EU Regulation 2016/679 of April 27, 2016 (general regulation on data protection hereinafter

The privacy policy of the MEVO Metropolitan Bike System (SRM MEVO) is intended to provide users of SRM MEVO with the information required in art. 13 and 14 of the EU Regulation 2016/679 of April 27, 2016 (general regulation on data protection hereinafter referred to as the GDPR) in connection with the processing of their data under SRM MEVO by joint controllers: Metropolitalny Gdańsk, Gdynia, Sopot and CityBike Global S.A. with based in Barcelona.
I. Personal Data Administrator
With regard to your personal data, hereinafter referred to as "Personal Data", there are two joint controllers listed below who jointly decide on the purposes and methods of processing Personal Data. The joint controllers referred to in the previous sentence are:
1. Gdańsk Metropolitan Area, Gdynia, Sopot, ul. Dlugi Targ 39/40, 80-830 Gdańsk,
2. CityBike Global S.A. based in Barcelona, 08-174, Calle Via Augusta 105
II. Purpose of processing Personal Data
The purpose of processing is to perform activities as part of the Joint Processing Activity. The data is processed for purposes related to the provision of services available as part of the MEVO Metropolitan Bike System for SRM MEVO Clients resulting from the implementation of the contract of 08/02/2022.
III. Legal basis for the processing of Personal Data
The legal basis for the processing of Personal Data as part of Joint Processing Activities of SRM MEVO users is:
1. article 6 sec. 1 lit. b) GDPR:
a) in the scope of conclusion and performance of the contract concluded as a result of acceptance of the Regulations of the MEVO Metropolitan Bike System;
2nd article 6 sec. 1 lit. c) GDPR:
a) in the scope of activities related to issuing a VAT invoice;
b) in the scope of obligations related to financial accounting and archiving regulations;
3. article 6 sec. 1 lit. e) GDPR:
a) in the scope of tasks performed for the public good, in particular the implementation of goals related to the functioning of SRM MEVO;
4. article 6 sec. 1 lit. f) GDPR:
a) in the scope of determining, investigating and defending against claims;
b) in the scope of protection of the legitimate interest, which is securing the property of each of the joint controllers, in particular stations and bicycles; in the scope of handling a request or answering a question sent via the contact form
c) monitoring and improving the quality of services, including customer service.
The legitimate interest of the Joint Controllers is to establish, investigate and defend against claims, ensure the safety of property, and ensure contact in matters related to the functioning of the SRM MEVO system.
IV. Recipients of Personal Data
The following recipients may have access to Personal Data:
1. service providers to whom the processing of Personal Data has been made available or by contract entrusted for the purposes of providing services provided to the Joint Controller, to the extent necessary for the proper performance of these services, including in particular IT service providers, payment operators (for the purpose of making payments in SRM MEVO) , consulting companies and law firms (for the purposes of conducting civil and criminal proceedings against SRM MEVO Clients who used SRM MEVO contrary to the Regulations), debt collection companies specified by law (claiming unpaid financial liabilities for the use or improper use of SRM MEVO),
2. entities authorized to receive Personal Data under the law.
V. Period of storage of Personal Data
Personal data will be stored by the Co-Administrator, which is OMGGS, for a period consistent with internally applicable office regulations or generally applicable regulations on accounting and document archiving, i.e. for a period of 5 years.
In the case of Personal Data processed by the Co-Administrator, which is CityBike Global S.A., the processing period after the end of the data subject's use of SRM MEVO may be extended each time by the period of limitation of claims, if the processing of Personal Data is necessary to determine or pursue any claims or defend against such claims. by the Joint Controller, or for a period resulting from legal provisions, in particular accounting regulations.
VI. Rules for collecting Personal Data
Providing Personal Data by the data subject is voluntary. Failure to provide data results in the inability to perform the contract.
VII. Rights related to the processing of Personal Data
The person to whom the Personal Data relates may exercise the following rights towards each of the Joint Controllers:
1. the right to request access to and rectification of your Personal Data;
2. the right to limit the processing of her Personal Data in the situations and on the terms indicated in art. 18 GDPR or to delete them in accordance with Art. 17 GDPR ("right to be forgotten");
3. the right to object at any time to the processing of her Personal Data referred to in art. 21 sec. 1 GDPR for reasons related to