This Privacy Notice sets out how Beryl processes your personal data when using our site and app. We encourage and recommend that you read it in full. We also understand that people have busy lives however, and so wanted to help you by providing a brief overview of how and why we process your personal data.
In general, we will only collect the personal data that we need from you to offer you our services. For example, in order to hire one of our bicycles we will need your name and payment information. We will also need to monitor when you collect and drop-off a bike and the location of the bike.
Ultimately, we aim to only process your personal data where it is necessary and we will always keep your personal data secure. Your enjoyment of our services is our primary concern.
If you have any questions regarding this Privacy Notice or our privacy practices, please contact us by email via firstname.lastname@example.org or by writing to Beryl HQ, Unit 6, The Hangar, Perseverance Works, 38 Kingsland Road, London, E2 8DD. Alternatively, you can call us at 0203 3003 5044.
- Who is Beryl?
- How Beryl updates this Privacy Notice
- How do we collect information?
- What information do we collect?
- How does Beryl use your information?
- When does Beryl disclose your personal data?
- Does Beryl send your personal data out of the EEA?
- How does Beryl keeps your personal data secure?
- How long does Beryl keep your personal data?
- Your communications preferences
- Your rights
- Beryl customers under 16 years of age
- Third parties
- Changes to this Privacy Notice
3. Who is Beryl?
Beryl is an urban cycling company, creating innovative products with technology, design and the environment at their core. Beryl is the trading name of SMIDSY Ltd, a limited company (no. 07831245). Our registered address is Unit 6, The Hangar, Perseverance Works, 38 Kingsland Road, London, United Kingdom, E2 8DD.
Beryl will also be the controller of your personal data. "Controller" (or "data controller") is a legal term which means that we are responsible for determining the purpose for which your personal data is used, as well as being responsible for keeping it secure.
As a controller we have registered with the Information Commissioner's Office in the UK and our registration number is ZA029650.
4. How Beryl updates this Privacy Notice:
This Privacy Notice was last updated on the date set out at the end of the document. From time-to-time we may make amendments to this Privacy Notice and when we do we will update the date at the bottom of this document. Therefore we advise that you check this Privacy Notice frequently. If we make any material changes to this Privacy Notice we will contract you directly about such changes.
5. How do we collect information?
We collect information from you in three ways. The main way is that we collect information directly from you when you provide it to us when signing up to our services. The next most common way we collect your data is from the app which sends us certain information about your use of the app and the bike which tells us its location (and therefore probably also your location). Finally, we also collect some information about you from third parties, but this is only in respect of our payment processors (such as PayPal and Stripe) so that we can verify your payment details without having to store your card or payment details.
6. What information do we collect?
At Beryl, we collect the following information when you use our site and app:
- Your email
- Your name
- Your address
- Your card number and payment details
- Your usage of our app and website
- A unique ID provided to us by our payment processors
- Location data of our bikes
- Analytical data provided to us from cookies and the app
- Any personal data that you volunteer to us (i.e. via communications)
The purposes for us collecting this data is set out in the next section.
7. How does Beryl use your information?
In accordance with data protection laws, we will only process your personal data where we have a lawful basis for doing so. In respect of your personal data, these bases are: (i) where it is necessary to provide services to you under the performance of the contract we have with you; (ii) where you have given your consent; and (iii) where it is in our legitimate interests to process your personal data, and provided that our interests do not prejudice your own rights, freedoms and interests.
The following are a list of the purposes for which Beryl processes your personal data, and the lawful basis on which we carry out such processing:
- Purpose: To set-up, administer and manage your account with us | Lawful Basis: Necessary for the performance of a contract.
- Purpose: To take payment from you | Lawful Basis: Necessary for the performance of a contract.
- Purpose: To track the location of our bikes via GPS within the bicycle | Lawful Basis: Legitimate interests so that we can learn more about cycle routes and where our bikes are.
- Purpose: To send you emails regarding news and events which may be of interest to you, including product launches, urban cycling and price promotions | Lawful Basis: Consent.
- Purpose: To seek your views on our products through a survey | Lawful Basis: Consent.
- Purpose: We may also use your email to deliver personalised advertising messages to you [and others like you] via the social media platforms that you use | Lawful Basis: Legitimate interests so that we can advertise our new products and services.
- Purpose: To respond to communications | Lawful Basis: Consent.
- Purpose: To prepare and analyse statistics relating to the use of our site, app and services by you and other customers | Lawful Basis: Legitimate interests so that we can ensure our services, site and app is as enjoyable as possible.
- Purpose: To conduct market research | Lawful Basis: Legitimate interests so that we can better understand the services that our customers most enjoy.
- Purpose: To send you service messages and updates about our app, site and services | Lawful Basis: Necessary for the performance of a contract.
- Purpose: To administer and protect our business and this App including troubleshooting, data analysis and system testing | Lawful Basis: Legitimate interests for running our business, provision of administration and IT services, network security.
- Purpose: To record and analyse customer communications for training purposes | Lawful Basis: Legitimate interests to improve our customer service.
- Purpose: To consider any job applications we may receive | Lawful Basis: Consent.
- Purpose: Those that are necessary for the operation of the site, including allowing you to interact with our site and to recall selections as you move between pages | Lawful Basis: Necessary for the performance of the contract.
- Purpose: Those that analyse your use of our site, monitor our web audience and populate certain content on our site in line with your usage | Lawful Basis: Legitimate interest so we can continue to analyse and improve our site and app.
- Purpose: Those that are used for third party marketing | Lawful Basis: Consent.
We may also process your personal data for additional purposes in the future but only where such purposes are compatible with those listed above and where we believe that the same lawful basis applies.
Cookies are small files of information which are stored on your computer. We may use them to store your password so that you don't have to keep filling in a registration form every time you want to log in. We may also use them to study things such as the places on our site that you visit, which parts of our site you like best, where you have come from and who your internet service provider is.
You can delete cookies via your browser settings and can learn more about cookies and how to delete them here.
9. When does Beryl disclose your personal data?
Your personal data may be accessed by our staff and service providers where necessary. In such circumstances, those processing your personal data shall only do so on our behalf and in accordance with this Privacy Notice.
When working with third party suppliers or contractors (known as processors), we ensure that this access is always limited to exactly what is necessary for the task being completed, and revoked when the contract ends. Additionally, we ensure we have contractual obligations from the third party or contractor that requires them to keep your information secure and to never use it for purposes other than as directed by Beryl.
For payment processing purposes we use Stripe and PayPal. These companies specialise in the secure online capture and processing of credit/debit card transactions. As such, your payment and card details that you provide to us are held by them as controllers.
We may also disclose your personal data in the following circumstances to third party controllers:
- Law enforcement agencies in order to assist with investigations (but only where we are satisfied that the request is legitimate and a disclosure is proportionate).
- Purchasers or investors of Beryl in order to allow them to conduct suitable due diligence.
- Where we are required to defend ourselves legally.
- Where we bring a claim and it is necessary to disclose personal data as part of that claim.
- Our professional advisors.
We would never sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
10. Does Beryl send your personal data out of the EEA?
We use processors based in the United States (Google Analytics, Typeform, Segment, Klaviyo, Facebook). These processors are all subscribed to the EU-US Privacy Shield framework to ensure that your data remains secure.
11. How does Beryl keep your personal data secure?
All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by our chosen third-party provider of payment processing services and will be encrypted using 128 bit encryption on Secured Sockets Layered technology. This means that when the information is transmitted over the internet, it is done so securely and with minimal risk of compromise. When you are on a secure page, you will see the lock icon and “Secure” appear in the URL bar at the top of the page in your browser.
We endeavour to keep your information as secure as possible. We do this through carefully selecting only those third party systems and providers with excellent reputations for security management.
You are responsible for keeping your password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. And we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
12. How long does Beryl keep your personal data?
We will retain your personal data for the period necessary for us to provide you with our services and to comply with our legal obligations. If you retain an account with us then we will retain your personal data. Once your account is closed we will aim to delete your personal data within 90 days but we may need to retain some information where there are ongoing matters, such as disputes.
Our marketing databases are managed separately and we will only send marketing to you for so long as we believe is appropriate. You can always unsubscribe from marketing at any time. Please be aware that if you do unsubscribe we will not simply delete your personal data, but will keep a record of your unsubscribe request so that you do not receive future communications.
13. Your communications preferences:
We would love to stay in touch with you, but we completely understand if you do not want to receive communications from us via email or post. You are able to select your choices for communication when you sign up to our mailing list or purchase a product from us. We will never contact you via a channel you have not given consent to. Additionally, we always offer an unsubscribe option at the bottom of every email you receive from us, where you’re welcome to change your email preferences.
14. Your Rights:
You have the following rights in relation to your personal data. To exercise these rights please contact us by emailing email@example.com. To ensure the security of your personal data, we may ask you for valid proof of identity and once we’ve received it, we will provide our response within one month. If your request is unusually complex and likely to take longer than a month, we will let you know as soon as we can and tell you how long we think it will take. If we deem your request to be manifestly unfounded or excessive we may require an administration charge or may refuse the request altogether.
Please note that the below rights are not absolute and there may be circumstances where we are unable to comply with your request (whether in whole or in part).
You are entitled to confirmation that we process your personal data and a copy of such personal data.
If you believe the personal data we hold on you is incorrect, you have the right for this to be rectified. You may also update your personal data through your account settings.
You can request us to erase your personal data where there is no compelling reason to continue processing.
You may request a restriction on the processing we undertake on your personal data. This will only apply where we have no lawful basis to process your personal data, your personal data is inaccurate or to comply with an objection request (see below).
You may object to our processing of your personal data where our processing is carried out in accordance with the legitimate interests lawful basis. Please note, however, that should we determine that our interests are so compelling as to override your objection we may continue to process your personal data.
You may also object to receiving direct marketing at any time.
You have the right to receive some of your personal data in machine readable format. This right extends to you being able to request that such data is sent to a third party controller.
Where the lawful basis we rely on to process your personal data is consent you have the right to withdraw this consent.
Your right to complain to a supervisory authority:
Further information about your rights can also be obtained from your national data protection regulator – in the UK the Information Commissioner’s Office (https://ico.org.uk/). If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority, although we would ask that you contact us in the first instance.
Your right to be informed:
This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions you may have about our use of your personal data.
15. Beryl customers under 16 years of age:
If you are under 16 but are interested in Beryl products or emails, please seek the permission of a parent or guardian before you sign up to our newsletter or purchase a product from our site.
16. Third Parties:
Except as otherwise expressly included in this Privacy Notice, this document addresses only the use and disclosure of personal data we collect from you. If you link to a third party site from our site or app then you should ensure that you read the third party privacy notice.
17. Changes to this Privacy Notice:
We keep this Privacy Notice under regular review. This Privacy Notice was last updated in June 2019.