Privacy Statement Mobility Services B.V. 

 

Processing Personal Data

Your privacy matters to us. This statement forms the basis on which personal data that we collect from you or that you provide us with is processed by Mobility Services (hereafter “I travel”, “we”, “us” or “our”). Please read this document thoroughly to know how Mobility Services handles your personal data.

The term ‘Personal Data’ refers to information about you personally (name, license plate, phone number, email, etc.). Please keep in mind that both changes in the law as well as the ever changing state of current technology mean that our privacy statement is subject to change. Anytime a change in our Privacy Statement occurs, we will update this document without informing you. The most recent version of our Privacy Statement applies. We therefore advise you to check this statement regularly.

We process your personal data with the utmost care and in accordance with the GDPR (General Data Protection Regulation). The fundamental idea when processing personal data is that the data that is processed is sufficient, not excessive and relevant.

Who is responsible for the data?

Mobility Services, its statutory seat in Amersfoort, is the Controller for the Processing of your data. The statement pertains to the gathering and more in general the processing of personal data by Mobility Services, with the main goals of processing payments and providing the mobility services of Mobility Services.

Retention

We don’t retain the personal data we collect longer than is necessary for the purposes for which it was collected, with a maximum of 18 months, unless otherwise stated in this Privacy Statement. After the retention period mentioned here, all your personal data will be removed, unless the data has to be retained longer due to legal obligations. Removal implies anonymizing, destroying or process in such a way that it’s no longer possible to identify you.

 

What data is collected and for what purpose?

You can provide us with information by filling in forms on our website(s), by using our website or our app, by contacting us through telephone or email, by using third-party services or otherwise. This includes information that you provide when registering on our websites, when using third-party mobility services, when sending us a request, when contacting our customer service, when  concluding a contract for delivery of services, when participating in promotions or questionnaires and when reporting a problem with our website. The personal data you provide, which is necessary to provide our services and/or provide you with an answer can include your name, address, email address, phone number, trip information (location, date, supplier, customer number), and bank data. We will not use your personal data for other purposes than mentioned in this Privacy Statement. We will never sell your personal data.

More specifically, to comply with your request to supply, amend or update one or more (mobility)services, we need to collect your data in the following cases.

Concluding a contract

Before you can make use of the services of Mobility Services you conclude a contract with Mobility Services. You conclude this contract during your registration in the app. To be able to draft and manage this contract we’ll need to process your contact data, personal data and log in data.

This data is used on a legal basis, namely to be able to perform the contract. We retain your data on our website for a maximum of 18 months after termination of the contract.

Concluding an invoicing relationship

In case we enter into an invoicing relationship with you Mobility Services needs your account details like personal data , name and address details and your bank account number.

This data is used on a legal basis, namely to be able to perform our administrative duties. We will retain this data for ten years after the invoicing date.

Creating a personal user account on the secure environment of our website 

In some cases you’ll need a personal account on the secure environment when you want to make use of the services of Mobility Services. We need certain data from you for this account. For example contact data, birth date, picture, place of residence, password, place of business, travel history and email address.

The basis for processing this data is the performance of a contract. We retain your account data on our website for 18 months after your user account has been terminated.

 

Activating and using third-party transport services

With your personal account you can activate and manage third-party services. These third parties are for example public transport bike and RC-BKA (public transport), To facilitate proper functioning of these services within Mobility Services we need to exchange your data with these third parties. If you make use of third party services through our app, we will exchange data with these/this third parties/party.

 

We take measures to prevent a personal data breach from happening. In this context we only exchange data with third parties that these parties need to perform their services. In some cases this is just your card number, on other cases your name and contact data is passed on. We receive travel information and trip data from third parties. Consider location, date, supplier and price of a transaction.

 

This third party deals with you as an independent controller. By using the services offered by this/these third party/parties through Mobility Services you agree to the terms and conditions and the privacy statement of this/these party/parties. We only collaborate with parties that have been thoroughly vetted and that adhere to strict privacy demands. Nevertheless the party in questions is the controller after receipt of your data. We are not responsible for the content, privacy and security practices and the policy of third parties with which we exchange data. We advise you to study the privacy and security practices of the third party before you provide them your data. You can find these on the website of the third party, if necessary you can ask the third party to provide these documents to you.

 

The basis for the exchange of data with third parties is the performance of a contract. We process your data from external parties until 18 months after termination of your user account. The retention period of the third party can be found in the privacy policy of the party in question.

App use and trip registration

After you install the app and log in, we exchange data. Trough the app we can provide you with travel advice, we can send you push notifications about validating trips, u can perform your trip registration and contact the customer service. Besides that you can get insight into your travel history through the app and your trips can be registered.

The basis for processing this data is performing a contract. We retain app data until 18 months after termination of the user account.

 

Customer contact and (electronic) messages

To be able to answer your questions or help you with something it is sometimes necessary for us to use your data. This data has been provided to us by you. This concerns for example your contact data, your trip data or your device data. In some cases, like remote assistance, it’s also necessary for us to access your personal account. We only do this with your explicit permission. To be able to process complaints or requests it can be necessary for us to use your bank data.

 

We will send you messages that are not commercially driven without your consent. For example messages about purchase, management amendment or termination of Services or about the use of third-party Services, in case of adaptations or calamities.

 

The basis for processing this data is the performance of a contract. We retain your customer contact data and electronic messages to a maximum of 18 months after the termination of your user account.

 

Reports

 

To create reports and to perform statistical research we use aggregated data, like travel data whenever possible. We do not use names, email addresses or other directly identifying information for reporting to Mobility Services management.

 

The basis for processing this data is the performance of a contract and looking after the legitimate interests of Mobility Services. We retain reports until 18 months after termination of the contract.

Improving Mobility Services

Mobility Services continuously works to improve its services and your user experience. To improve our services your data is analyzed. For example, your travel data, website and app usage, and system and account data is analyzed.

The basis for processing this data is looking out for the legitimate interests van I travel. We retain your data up to 18 months after termination of your user account.

 

Keeping Mobility Services secure

In the interest of fraud prevention and detection we can use your contact and travel data. We can also use your account and system data, including your IP addresses for security purposes.

The basis for the processing is looking out fort he legitimate interests of Mobility Services. We retain your data up to 18 months after the data was created. In case of fraud or unauthorized access we retain the data up to 10 years after the time of the incident.

To whom do we provide personal data?

We can provide you with the personal data that applies to you. We provide your data to the following categories of recipients:

.

  • We are required to provide your personal data should we be obliged by law for any reason.

  • We exchange data with third parties that act as Controller. See ‘Activation and use of third-party transport services’.

  • We can provide your personal data to Processors as known under the GDPR. These are suppliers that perform activities commissioned by us. When we colaborate with partners we – as Controllers – make sure that personal data is processed properly and accurately in accordance with the GDPR by our suppliers. This involves the following types of Processors:

    • Hosting parties

    • Customer Service Software

    • Telecommunication suppliers

    • Analytic software

    • Security software for keeping our services secure

    • Filesharing

    • Research software and services

 

Storage data

We store your personal data within the European Economic Space. 

Links to third-party sites

Our service may contain links to third-party sites, apps and advertisements, that may collect information about you. We do not control such sites or their activities. All data, including personal data you provide to these third parties, are provided directly to these parties and are subject to the privacy statement of these third parties. We are not responsible for the content, privacy- and security practices and the policy of third parties to which these links refer or redirect. We advise you to study the privacy and security practices and the policy of the third party before you provide them with data. You can find these on the third party’s website, if necessary you can ask the third party to provide your with these documents.

 

Security

We’ve taken physical, technical and organizational measures to protect your personal data. We do everything we can to ensure the complete reliability, accuracy and integrity of your personal data in our databases and to protect the privacy and security of our applications and databases. At least the following measures are in place:

  • We have set up physical and technical measures and management procedures that were designed to prevent unauthorized access, and/or loss or abuse of personal data as much as possible;

  • Sensitive information or personal data , like account passwords and other payment related identifiable information is encrypted before being transmitted;

  • Sensitive information is encrypted and/or hashed (this includes your password) when retained; we limit the internal access to personal data to employees who need this information to be able to perform their job;

  • Our employees are bound by a confidentiality clause;

  • Our information management systems are designed in such a way that employees who are not authorized to access certain information or personal data, in principle don’t have access to that information;

  • Our servers are located in a secured environment in datacenters. You only gain access to our servers front-end and only by logging in with a user name and password. You are personally responsible for the safe keeping of your login data;

  • The personal data is regularly backed up.

 

Seven rights

The personal data that we use of course is and remains your property. Therefore you have the right to view, amend, delete, limit or transfer the data we have of you to someone else. In some cases this is possible though the app or via the request form on the service page. You can apply for the following from us:

  • A request to data portability based on your right to transfer your personal data to another party;

  • A request to erasure with which you can enforce your right to be forgotten;

  • A request to access based on your right to view the personal data we have of you;

  • A request to rectify and complete which gives you the right to amend the personal data we work with;

  • A request to restriction of processing with which you can utilize your right to have less of your personal data processed; and

  • A request to objection with which you can enforce your right to object to the data processing.

 

We will ask you top roof your identity as soon as we’ve received a written request to make sure we don’t report your personal data to others. Next we will offer you an overview of all the personal data that we retain of you and/or correct, amend, export or remove personal data. Your request will be handled within 30 days. We would like to inform you that your request may have consequences for the use of our services.

 

Questions or complaints?

Everyone has the right to ask a question or file a complaint with us about the processing of their personal data by contacting us in any of the ways mentioned hereafter. If you want to correct your data, if you have a question or in case you object to us processing your data, you can send us a message.

 

In case of any complaints about the processing of personal data or the handling of complaints pertaining the processing of personal data  you can contact the Autoriteit Bescherming Persoonsgegevens directly, through phone number: (088) 18 52 50, or via: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten

 
 
 
Privacy Policy ISIC Mobility card (OV-chipkaart) RCBKA

Processing Personal Data
Your privacy matters to us. This statement forms the basis on which personal data that we collect from you or that you provide us with is processed by RC-BKA BV (hereafter “RC-BKA”, “we”, “us” or “our”). Please read this document thoroughly to know how RC-BKA handles your personal data.
The term ‘Personal Data’ refers to information about you personally (name, license plate, phone number, email, etc.). Please keep in mind that both changes in the law as well as the ever changing state of current technology mean that our privacy statement is subject to change. Anytime a change in our Privacy Statement occurs, we will update this document without informing you. The most recent version of our Privacy Statement applies. We therefore advise you to check this statement regularly.
We process your personal data with the utmost care and in accordance with the GDPR (General Data Protection Regulation). The fundamental idea when processing personal data is that the data that is processed is sufficient, not excessive and relevant. 


Who is responsible for the data?
RC-BKA, its statutory seat in Amersfoort, is the Controller for the Processing of your data. The statement pertains to the gathering and more in general the processing of personal data by RC-BKA, with the main goals of processing payments and providing the mobility services of RC-BKA.


Retention
We don’t retain the personal data we collect longer than is necessary for the purposes for which it was collected, with a maximum of 18 months, unless otherwise stated in this Privacy Statement. After the retention period mentioned here, all your personal data will be removed, unless the data has to be retained longer due to legal obligations. Removal implies anonymizing, destroying or process in such a way that it’s no longer possible to identify you.

What data is collected and for what purpose?
You can provide us with information by filling in forms on our website(s), by using our website or our app, by contacting us through telephone or email, by using third-party services or otherwise. This includes information that you provide when registering on our websites, when using third-party mobility services, when sending us a request, when contacting our customer service, when  concluding a contract for delivery of services, when participating in promotions or questionnaires and when reporting a problem with our website. The personal data you provide, which is necessary to provide our services and/or provide you with an answer can include your name, address, email address, phone number, trip information (location, date, supplier, customer number), and bank data. We will not use your personal data for other purposes than mentioned in this Privacy Statement. We will never sell your personal data.


More specifically, to comply with your request to supply, amend or update one or more (mobility)services, we need to collect your data in the following cases. 


Providing an OV-chipcard


To be able to provide you with an OV-chipcard, we share the necessary personal  data with Trans Link Systems B.V. (hereafter ‘TLS’), our card producer. We take measures to prevent a personal data breach from happening. In this context we only exchange data with TLS that is necessary for them to perform their services. In some cases this is just your card number, on other cases your name and contact data is passed on. We receive travel information and trip data from TLS. Consider location, date, supplier and price of a transaction.

TLS is considered an independent controller in this process. By using the services offered by TLS through RC-BKA you agree to the terms and conditions and the privacy statement of this/these party/parties. We only collaborate with parties that have been thoroughly vetted and that adhere to strict privacy demands. Nevertheless the party in questions is the controller after receipt of your data. We are not responsible for the content, privacy and security practices and the policy of third parties with which we exchange data. We advise you to study the privacy and security practices of TLS before you provide them your data. You can find these on the website of TLS, if necessary you can ask TLS to provide these documents to you. 

The basis for the exchange of data with TLS is the performance of a contract. We process your data until 18 months after termination of your user account. The retention period of TLS can be found in their privacy policy. 

 

Customer contact and (electronic) messages

 

To be able to answer your questions or help you with something it is sometimes necessary for us to use your data. This concerns for example your contact data, your trip data or your device data. To be able to process complaints or requests it can be necessary for us to use your bank data.

 

The basis for processing this data is the performance of a contract. We retain your customer contact data and electronic messages to a maximum of 18 months after the termination of your user account.

 

Reports

 

To create reports and to perform statistical research RC-BKA receives your travel data from TLS. This data is then passed on to Mobility Services B.V.

 

The basis for processing this data is the performance of a contract and looking after the legitimate interests of RC-BKA. We retain reports until 18 months after termination of the contract.

Improving RC-BKA

RC-BKA continuously works to improve its services and your user experience. To improve our services your data is analyzed. For example, your travel data, website and app usage, and system and account data is analyzed.

The basis for processing this data is looking out for the legitimate interests of RC-BKA. We retain your data up to 18 months after termination of your user account.

 

Keeping RC-BKA secure

In the interest of fraud prevention and detection we can use your contact and travel data. We can also use your account and system data, including your IP addresses for security purposes.

The basis for the processing is looking out for the legitimate interests of RC-BKA. We retain your data up to 18 months after the data was created. In case of fraud or unauthorized access we retain the data up to 10 years after the time of the incident.

To whom do we provide personal data?

We can provide you with the personal data that applies to you. Next to Mobility Services B.V. we also provide your data to the following categories of recipients:

  • We are required to provide your personal data should we be obliged by law for any reason.

  • We can provide your personal data to Processors as known under the GDPR. These are suppliers that perform activities commissioned by us. When we colaborate with partners we – as Controllers – make sure that personal data is processed properly and accurately in accordance with the GDPR by our suppliers. This involves the following types of Processors:

    • Hosting parties

    • Analytic software

    • Security software for keeping our services secure

    • Filesharing

    • Research software and services

 

Storage data

We store your personal data within the European Economic Space. 

Links to third-party sites

Our service may contain links to third-party sites, apps and advertisements, that may collect information about you. We do not control such sites or their activities. All data, including personal data you provide to these third parties, are provided directly to these parties and are subject to the privacy statement of these third parties. We are not responsible for the content, privacy- and security practices and the policy of third parties to which these links refer or redirect. We advise you to study the privacy and security practices and the policy of the third party before you provide them with data. You can find these on the third party’s website, if necessary you can ask the third party to provide your with these documents.

 

Security

We’ve taken physical, technical and organizational measures to protect your personal data. We do everything we can to ensure the complete reliability, accuracy and integrity of your personal data in our databases and to protect the privacy and 

security of our applications and databases. At least the following measures are in place:

  • We have set up physical and technical measures and management procedures that were designed to prevent unauthorized access, and/or loss or abuse of personal data as much as possible;

  • Sensitive information or personal data , like account passwords and other payment related identifiable information is encrypted before being transmitted;

  • Sensitive information is encrypted and/or hashed (this includes your password) when retained; we limit the internal access to personal data to employees who need this information to be able to perform their job;

  • Our employees are bound by a confidentiality clause;

  • Our information management systems are designed in such a way that employees who are not authorized to access certain information or personal data, in principle don’t have access to that information;

  • Our servers are located in a secured environment in datacenters. You only gain access to our servers front-end and only by logging in with a user name and password. You are personally responsible for the safe keeping of your login data;

  • The personal data is regularly backed up.

 

Seven rights

The personal data that we use of course is and remains your property. Therefore you have the right to view, amend, delete, limit or transfer the data we have of you to someone else. In some cases this is possible though the web portal of the service provider or via the request form on their service page. You can apply for the following from us:

  • A request to data portability based on your right to transfer your personal data to another party;

  • A request to erasure with which you can enforce your right to be forgotten;

  • A request to access based on your right to view the personal data we have of you;

  • A request to rectify and complete which gives you the right to amend the personal data we work with;

  • A request to restriction of processing with which you can utilize your right to have less of your personal data processed; and

  • A request to objection with which you can enforce your right to object to the data processing.

 

We will ask you top roof your identity as soon as we’ve received a written request to make sure we don’t report your personal data to others. Next we will offer you an overview of all the personal data that we retain of you and/or correct, amend, export or remove personal data. Your request will be handled within 30 days. We would like to inform you that your request may have consequences for the use of our services.

 

Questions or complaints?

Everyone has the right to ask a question or file a complaint with us about the processing of their personal data by contacting us in any of the ways mentioned hereafter. If you want to correct your data, if you have a question or in case you object to us processing your data, you can send us a message. We, RC-BKA, are located in Amersfoort and hold office at Utrechtseweg 9, 3811 NA. Our service desk is available via phone: 088 9343428. 

 

In case of any complaints about the processing of personal data or the handling of complaints pertaining the processing of personal data by RC-BKA you can contact the Autoriteit Bescherming Persoonsgegevens directly, through phone number: (088) 18 52 50, or via: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-indienen-bij-de-ap.

Mobility Services B.V.

Utrechtseweg 9

3811NA Amersfoort

 

T: +31 88 934 34 08

M: info@isicmobility.nl

KvK: 74617419

Customer service:

Monday till Friday

08.00hr till 20.00hr.