In accordance with the established practice, the website stores the HTTP inquiries addressed to our server. The resources viewed are identified by the URLs. The exact list of information stored in the log files of the web server is as follows:
- the public IP address of the computer from which the inquiry was received (this may be the user's computer directly)
- the customer's station name - identification implemented by the http protocol, if possible,
- the user name given during the authorisation process,
- time of the inquiry,
- the first line of the http request,
- the http response code,
- the URL of the website previously visited by the user - in the case where the Blinkee.city website was accessed via a link,
- information about the user's browser,
- information about errors that occurred in the execution of the http transactions.
To ensure the highest quality of the website, we occasionally analyse the files with logs in order to determine which websites are most frequently visited, which web browsers are used, whether the structure of the website does not contain errors, etc.
In GE collects data when the blinkee.city app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of mobile device as follows:
- centering the map on the user to show vehicles near his location,
- when the user uses the "find me" feature on the map,
- Sending the location for possible correlation of the user's position data with the rental vehicle data, e.g. when starting or ending a rent.
Registration on the website and in the application
In order to perform the services, the user shall register via the blinkee.city mobile application. Access to the registration form is possible by clicking on the "Register" button. The data provided during the registration are necessary to perform the service.
- creating a new account involves providing the registration data: "e-mail, password"
- next, the User confirms the registration by receiving an e-mail verifying the e-mail address and clicking on the link sent to the address given in the "e-mail" box,
- the system records the IP address, date and time of registration on the website,
- after confirming the registration and logging into the account, the user provides the following data:
- phone number,
And optionally, the data required to confirm the payment method:
in the case of card:
- number of the debit/credit card,
- validity of the debit/credit card,
- CVV code of the debit/credit card.
- Additionally, the user provides a scan/photo of the driver's licence or ID card via the "Documents" option, in order to check the rights of the Users to ride the scooter. The reading of the document is automated, then the following personal data are distinguished: name, surname, date of birth, date of validity of the document and the category of the driving licence, and entered automatically into the blinkee.city system. In case the document is not recognised, reading and entering may be done manually by an authorised employee.
- The personal data contained in the attached scans of the identity card/driving licence shall be subject to automated decision making.
- Optionally, the user may edit the "invoice data" option. In the framework of issuing invoices we collect the following data:
- country of residence,
- postal code,
Use of the data
The collected logs are stored for a limited period of time (10 years) as a supporting material serving to manage the website. The information contained therein are not disclosed to anyone other than those authorised to manage the company's servers and network. On the basis of the log files, statistics may be generated to help manage and administer the website. Summaries in the form of such statistics shall not contain any characteristics identifying the persons visiting the website.
The Cookies mechanism
The Cookies mechanism is not used to obtain any personal data of the website users. For each *blinkee.city/ website we use the following Cookies:
- _fbc - a file used by Facebook to display, measure and improve the relevance of ads,
- _fbp - a file used by Facebook to identify the browser in order to provide advertising services and analysis of the site,
- _ga* - files associated with Google Universal Analytics. They are used to distinguish unique users by assigning a randomly generated number as a customer identifier. They are included in every request of the website and are used to calculate visitor data, sessions and campaigns for the analysis reports of the sites. They expire after 2 years by default, although site owners may customize it. The main purpose of these files is efficiency,
- _gat_UA-88751404-1 - a file of the pattern type set by Google Analytics, in which the pattern element in the name contains a unique account or site identification number to which it refers. It is a variation of the _gat file, which is used to limit the amount of data recorded by Google on high-traffic websites. The main purpose of this cookie file is efficiency,
- _gat_gtag_UA_115290388_4 - a file associated with Google Universal Analytics, used to deliver advertising products,
- _glc_au - a file used by Google AdSense to experiment with the effectiveness of ads on displayed sites,
- _gid - a file that is used to identify users recorded by the Google Analytics website tracking service,
- _hjincludedInSample - a file associated with the Hot Jar's web analytics features and services. It uniquely identifies the user during a single browser session and indicates that the user is included in the recipient sample. The main purpose of this file is efficiency,
- _hjid - a file that is set when a customer visits a website with the Hotjar script for the first time. It is used to store a random user ID, unique to this site in the browser. This ensures that the behaviour during subsequent visits to the same site is assigned to the same user ID. The main purpose of this file is efficiency,
- grav-site-f82fd17 - a file used to calculate the number of users visiting the site.
Links to other websites
Information concerning the processing of personal data of the electric vehicle users by Green Electricity Sp. z o. o.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC - hereinafter referred to as “GDPR”, we would like to provide you with the following information on the processing of your personal data:
I. Personal data controller and Data Protection Officer
The controller of your personal data is Green Electricity Sp. z o. o., with its registered office at ul. Ząbkowska 31, 03-736 Warsaw.
The controller has appointed a Data Protection Officer (DPO), who may be contacted in all matters related to the processing of personal data. DPO contact details: Paulina Machowska, e-mail address: firstname.lastname@example.org.
II. Purposes and grounds for the processing of data
The controller processes your personal data for the following purposes:
- performance of the terms and conditions of the contract for the rental of a vehicle, concluded between the Controller and the User (Art. 6 sec. 1 letter b of the GDPR);
- fulfilment of the legal obligations imposed on the Controller (Art. 6 sec. 1 letter c of the GDPR), concerning, among others, performance of the contract, issuance of invoices;
- resulting from legitimate interests exercised by the Controller (Art. 6 sec. 1 letter f of the GDPR), including: to pursue and defend against possible claims related to the implementation of the legal regulations or the contract concluded, for the purposes of internal administration;
- sending via text message and e-mail information and marketing materials concerning the services provided by the Controller and cooperating entities, as well as anonymous questionnaires used to collect demographic and profile data, on the basis of the consent given by the User (Art. 6 sec. 1 letter a of the GDPR).
III. Data recipients
The recipients of your personal data may be entities providing services to the Controller on the basis of appropriate contracts in the following areas: IT, legal, advisory, insurance and payment operators, text message and e-mail gateways, as well as entities authorised to obtain your personal data on the basis of the applicable legal regulations, e.g. courts and state bodies.
IV. Data retention periods
Your personal data shall be retained for the period necessary to fulfil the purposes for which they are processed, and then for the period necessary to secure the pursuit of any claims or defence against them and the fulfilment of any obligations resulting from the legal regulations.
After the deletion of the user's account, his/her personal data shall be retained in the event of the need to claim a penalty notice related to the rides performed by the user. The retention period for which the personal data are necessary for us is 1 year from the last ride, as after this time the act is no longer punishable. This period may be extended by 2 years if legal proceedings are initiated during this period.
The data collected for marketing purposes are deleted within two weeks after deletion of the user's account.
Due to the fact that the user's account cannot be created again under the same e-mail address, it shall be retained after deletion of the account in encrypted form, which is a legitimate interest of the Controller.
V. Rights of natural persons
Under the terms and conditions set out in the regulations on personal data protection, you have the right to:
- access the content of your data, to rectify, erase or limit the processing of the data,
- object to data processing,
- withdraw consent to the processing of personal data, without affecting the lawfulness of the processing performed before its withdrawal,
- lodge a complaint with the President of the Office for the Protection of Personal Data if you consider that the processing of your personal data violates data protection regulations.
In order to exercise your rights, please send your request to the following e-mail address: email@example.com.
VI. Information on the requirement of/voluntary provision of the data
To the extent that your personal data are processed on the basis of a legal obligation imposed on the controller and the performance of public tasks, the provision of personal data may be a statutory requirement.
To the extent that your data are processed for the purpose of concluding or executing a contract, as well as on the basis of the consent, the provision of your personal data is voluntary, however, the consequence of not providing these data shall be the impossibility to conclude a contract/send information and advertising materials.
VII. Transfer of data to third countries or international organisations and profiling information
Green Electricity does not transfer personal information to third countries or international organizations.
Personal data is not subject to automated decision making, including profiling.
The Cookies mechanism is not used to obtain any personal data about the service users.