TR EN ME GR
Download

Privacy Policy

Greece Montenegro Türkiye

1. HOP GREECE TECHNOLOGY SINGLE MEMBER P.C., based in Olimpiou Diamanti nr. 7, Thessaloniki, Greece, e-mail address: [email protected] website: https://hop.bike/en (hereafter the “Company”), is the personal data controller and responsible. Controller means the legal person, which, alone or jointly with others, determines the purposes and means of the processing of “personal data”.

2. “Personal data” means any information relating to an identified or identifiable natural person (that is the “data subject” hereafter the “user”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier provided by his/her devices, applications, tools and protocols, such as internet protocol addresses and cookie identifiers. When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfill their task, the controller shall fulfill its data protection obligations.

3. A privacy policy is a legal statement that must be clear, conspicuous and with given, well informed free and explicit consent by all users. It must disclose how a mobile app processes (collects, gathers, stores and uses, indicative and not restrictive), its user’s personal data. A mobile app’s privacy policy is developed and presented to users so that mobile app controller is compliant with Greek and European Law, according to the General Data Protection Regulation 2016/679 (hereafter “GDPR”) and the Greek Law 4624/2019. As a result, the Company fulfils the legal requirements to safeguard, inter alia, user’s privacy. Whether a user has an iOS or Android app, he/she must keep his/her mobile application compliant by using a privacy policy on his/her app.

4. The HOP App has a variety of functionalities that enhance user’s experience. If the user allows the HOP App to access his or her location information on his or her device, the mobile app may use the user’s mobile device’s Global Positioning System (GPS) technology and other technology (such as wireless transmitters known as beacons) to provide him or her with information and offers based on the location of his or her device. The company may use this location information to enhance user’s travel experience by delivering push notifications and other content to his or her mobile device, providing navigation assistance as he or she moves around Company’s locations, and sending him or her information and offers about products, services, or activities the Company believes may be of interest to him or her, following his or her explicit consent. The company may share this information with third parties, including business partners and service providers, to provide information, offers, and services that may be of interest to the user. The user may prevent or limit collection of location information by changing the settings in the app, or by changing his or her device’s settings.

5. Τhe Company processes the personal data collected from the data subject, that is:

a. Identity Data includes first name, last name, date of birth, identity or passport number, driving license, gender, invoice information (address, if corporate invoice company name, tax number)

b. Contact Data includes billing address, email address and telephone number(s).

c. Location Data includes location.

d. Financial Data includes bank account, payment card details, details of any other user’s account needed for the transactions (e.g. pay pal account details). Concerning the storing of the data, VivaWallet is the data processor of user’s banking information and there is a confidentiality agreement between us about this.

e. Transaction Data includes details about payments to and from user and other details of products and services the user has purchased from the Company.

f. Technical Data includes internet protocol (IP) address, user’s login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, App info and performance, device ID and other technology on the user’s device.

g. Profile Data includes purchases or orders made by him/her, his/her interests, preferences, feedback and survey responses.

h. Usage Data includes information about how the user uses Company’s, products and services, including cookies.

i. Marketing and Communications Data includes user’s preferences in receiving marketing communications from the Company and user’s communication preferences.

6. The Company collects user’s personal data whenever he or she uses Company’s services (whether services provided directly by the Company or by other companies or agents acting on its behalf).

7. Purposes of user’s personal data processing: Τhe Company processes the personal data collected from the data subject in the legal basis of user’s given consent, for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract as well as for the purposes of the legitimate interests pursued by the controller or by a third party, according to the GDPR provisions. The processing purpose concerning the type of data and the lawful basis for processing, are the following:


Purpose

Type of data

Lawful basis for data processing

To register the user to the application

  1. Identity
  2. Contact

Performance of a contract with the user, necessary for Company’s legitimate interests (account management, user’s authentication, App functionality, developer communications, security, and compliance)

To process and deliver user’s subscription to the app

  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing and Communications

Performance of a contract with the user, necessary for Company’s legitimate interests (user’s authentication, to recover debts due to the Company) 

To administer, support and protect Company’s technical infrastructure (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  1. Identity
  2. Contact
  3. Technical
  4. Location

Necessary for Company’s legitimate interests (provision of administration and IT services, network security, preventing fraud, business reorganization, App functionality, analytics, developer communications, fraud prevention, security, and compliance, personalization), after given consent apply the navigation assistance, necessary to comply with a legal obligation 

To deliver relevant content and advertisements to the user and measure or understand the effectiveness of these  advertisements

  1. Identity
  2.  Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical

Necessary for Company’s legitimate interests (to study how customers use its products/services, to develop products and services), after user’s given consent with regards to respective advertising/targeting cookies (to better organize Company’s marketing strategy). In the abovementioned cases, HOP GREECE TECHNOLOGY  SINGLE MEMBER P.C. might apply automated procedures in order to analyze user’s behavior and preferences, so as to identify and suggest services and goods that might be of his/her interest.

To use data analytics to improve Customer’s products/services, marketing, customer relationships and experiences

  1. Technical
  2.  Usage 

Necessary for Company’s legitimate interests (to define types of customers for Company’s products and services and to develop Company’s business and marketing strategy), after user’s given consent with regards to respective advertising/targeting cookies (to better organize Company’s marketing strategy). In the abovementioned cases, HOP GREECE TECHNOLOGY  SINGLE MEMBER P.C. might apply automated procedures in order to analyze user’s behavior and preferences, so as to identify and suggest services and goods that might be of his/her interest.

8. User’s personal data recipients: The recipients to whom the personal data have been or will be disclosed, are the Company’s business partners and service providers that provide support services to the Company or that help Company to market its products and services. Service providers are third parties who perform services on Company’s behalf. They are contractually restricted from using user’s information in any manner other than in helping Company to provide the user with the products and services available from the HOP GREECE TECHNOLOGY SINGLE MEMBER P.C. The Company may also disclose user’s personal data to a third party when he or she asks the Company to do so or when the Company believes it is required by law.

9. Security measures: According to the GDPR provisions, the Company follows the privacy by design and privacy by default policy, using all the appropriate technical and organizational security measures (including encryption, anonymization or/and pseudonymization procedures where required) to prevent users’ personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed providing access to users’ personal data only to authorized persons (employees, business partners and service providers), ensuring that, only personal data which are necessary for each specific purpose of the processing are being processed. That obligation applies to the amount of personal data collected, the extent of their processing and the period of their storage and their accessibility.

10. User’s personal data storage period: The Company will only store user’s personal data for as long as necessary to fulfil the purposes the Company collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

11. User’s rights:

The HOP user has the right

a. to access his/her personal data, that enables him or her to receive a copy of the personal data the Company holds about him or her and to check that the Company lawfully processing it,

b. to request from the Company rectification of his/her personal data, that enables him or her to have any incomplete or inaccurate data the Company holds about him or her corrected,

c. to request from the Company erasure of his/her personal data, , that enables him or her to ask the Company to delete or remove personal data where there is no good reason for the Company continuing to process it,

d. to request restriction, that means that the Company shall suspend the processing of user’s personal data in the case that: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;(d) the data subject has objected to processing but the Company needs to verify whether the Company has legitimate grounds overriding those of the user.

e. to object to processing of his/her personal data where the Company relies on a legitimate interest and there is something about user’s particular situation which makes him or her wants to object to processing including profiling and direct marketing,

f. to request the portability of his/her personal data to him or her or to a third party. The Company will provide to the user, or a third party that he or she has chosen, his/her personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which the user initially provided consent for the Company to use or where the Company used the information to perform a contract with the user.

g. to withdraw consent at any time where the Company relies on consent to process user’s personal data. However, this will not affect the lawfulness of any processing carried out before the user’s consent withdrawal.

h. to lodge a complaint with user’s country’s Personal Data Supervisory Authority. The Greek supervisory authority, is the Hellenic Data Protection Authority (www.dpa.gr), Kifissias 1-3, PC 115 23, Athens, Greece, Telephone: +30-210 6475600, e-mail: [email protected]. The Company would, however, appreciate the chance to deal with user’s concerns before he or she approaches the Data Protection Authority by contacting the Company in the first instance using the contact details above.

12. User’s consent: User’s consent: The user, by accepting the HOP Privacy Policy, acknowledges that he or she has been explicitly informed and agrees that the Company has the right to process (in any form of processing according to the GDPR provisions) his/her personal data for the above mentioned purposes. The user has the right to withdraw his consent at any time where the Company relies on consent to process user’s personal data. However, this will not affect the lawfulness of any processing carried out before the user’s consent withdrawal.