How we treat personal information

Processing of personal data

Personal data is data that can be linked to you as an individual. This may include data such as your name, telephone number, or gender.


This statement gives you information about UIP Drift AS (hereafter "UIP") and its processing of personal data in connection with the use of UIP's city bicycle services.

The Privacy Statement provides you with information about which personal data we collect, why we process your personal data, and your rights relating to the processing of your personal data.

Data Controller

UIP Drift AS (org.no: 920285376 ) operates and maintains Bergen Bysykkel, and is responsible for the processing of personal data in connection with the city bicycle services. As data controller, UIP is therefore responsible for the processing of your personal data. The person responsible for the data controller determines the purpose of the processing of the personal data, as well as how the data is used.

Our contact information is:

Address: Kværnerveien 5, 0192 Oslo

Email: post@bergenbysykkel.no

Phone: +47 902 59 737

UIP has a privacy representative who can be contacted at dpo@urbansharing.com.

If you have any questions related to UIP's processing of your Personal Information or this Privacy Policy, please contact our Privacy Officer as described above.

Which personal data we process, our purposes for data processing, and the legal bases under which we process data.

Information about the use of the services which comes from legitimate interest includes:

  • which subscription a user current holds and has held in the past, including timing and payment method;
  • Information needed to purchase a subscription and access the city bike service, including debit card and phone number. The information is necessary to fulfill your agreement on the use of city bicycle services.
  • the trips a user has taken, including start and end times, as well as start and end stations;
  • a phone's position when the app is active to determine that a user is near a station;
  • a scooter’s position along the way, which allows us to locate scooters that are not returned, or that are registered for Ruter;
  • the version of the app and a mobile phone's operating system for each time a bike is retrieved, as well as when a user logs in to our app or website; and
  • which language a user has on their mobile phone so we can talk to them in the same language.

The basis of the processing of the above information is in UIP's legitimate interest in providing its services and operating those services in the best possible manner. This includes identifying a user, giving the user access to scooters, communicating with the user on the platform, and notifying the user of their legal term expiration.

  • Information a user can choose to share with us, which is justified by our legitimate interests and which may be withdrawn at any time, includes:
  • Email is used to verify if a user is eligible for campaigns through our sponsor. Email is only used for this purpose upon explicit request inside the app or website
  • the name used when communicating with a user;
  • the email address used to send a user messages;
  • a user’s postal code, which we use to analyze where people live, and compare it to where and when they ride;
  • a user’s gender and birth year, which are used to analyze which population groups use our service;
  • A phone's position during a trip, which is used to give a user historical maps, help a user find a better position when ending a journey, and provide a general overview of where people cycle.


  • We ask a user for consent to send messages by push notification, SMS, or email about the service or other services. Messages can include information such as when a season opens, the opening of new docks, urban scooter facilities in other cities, or information related to our partners.
  • We provide customized information to users only if they give consent. We use segmented information - such as a user’s postal code - to provide users with relevant information about our services. A user can quickly turn off specialized content in their user profile.

  • We retain usage history for a temporary period of time in order to safeguard our rights and obligations under contract, while keeping to GDPR standards of data minimizations. Among other things, we will do this to see where the need for scooters is greatest. We provide this data to users who want to have an overview of which bike trips they have taken over time. UIP also uses this history to improve its services.

  • We use data for system testing, quality assurance, troubleshooting and other processing needed to improve our services. It is in UIP's legitimate interest in improving its services, as well as delivering flawless services to its users. Users can choose whether they want to share error diagnostics and usage data with UIP in their user profile settings.

  • We share data in order to comply with legal obligations that UIP is subject to, as well as orders from public authorities, which can include requirements for bookkeeping.

  • We use data in order to safeguard UIP's rights, including to determine, enforce or defend a legal claim in respect of lost or damaged bicycles. We also use data to safeguard UIP's legitimate interests, such as warnings and exclusions in the event of late delivery of bicycles, or other rights under contract with UIP.

  • On the iPhone users can choose to store bike rides as training sessions in the Apple Health app. To calculate calorie burn, we process heart rate and weight in our own app. This data never leaves the user’s phone and is not used for data analysis or other purposes beyond the user’s personal history. A user can withdraw their consent for the processing of their health data at any time.


In order to fulfill our contract with a user, we need certain pieces of information, such as a credit card number and telephone number. We cannot meet an agreement with the user without this data.

Facebook Pixles

  • We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

  • This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebookad. This enables us to measure the effectiveness of Facebookads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation.Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

  • The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.



Who has access to your personal information

Internal access

We only give access to employees who need personal data to perform their duties. This mainly means our customer service team, as well as employees who follow up any disputes related to the services. A very limited number of our employees have access to our entire customer register to ensure its continuous operation.

External access

UIP may disclose personal data to third parties if there is a legal basis for extradition. For example, UIP may disclose personal information to public authorities in order to comply with statutory requirements or orders (such as tax authorities or the police), or to safeguard our rights in connection with a dispute with a user (such as to the Consumer Disputes Committee).

We also share aggregated and anonymised data about our users and their use of the service - which cannot identify them as an individual - with research projects and institutions for statistical and research purposes. These research projects are available to the client, as well as open to the public. We also share personal information with partners who give our users membership benefits - such as OBOS. Delivery of this data is dependent on a user’s consent.

UIP uses external data processors to collect, store or otherwise process personal information on our behalf, such as in connection with our IT systems, payment services, email broadcasts, and chat services. The relationship with these suppliers is regulated by a data processing agreement (DPA), which, among other things, ensures information security for the personal information of our users. A list of providers with whom we have a DPA with can be provided upon request.

All processing of personal information about our users takes place within the EU / EEA area. If a users personal information is subject to processing or storage outside of the EU / EEA, UIP will ensure that your personal data is subject to adequate security guarantees, including through the use of EU standard terms of such transfer, transfer to companies subject to Privacy Shield certification, or by transfer to land which is pre-approved by the EU Commission.

For Facebook Pixles - please see separate section above.

Your rights

A user has the right to demand access, correction or deletion of the personal data we process about them if the terms of this are met. They also have the right to demand limited processing, correct objection to the processing and, in some cases, the right to demand data portability. If the processing is based on a user’s consent, they may withdraw their consent at any time.

A user has access at all times to a list of consents and data we have stored about them in their user profile. There they can correct or delete data, as well as withdraw consent. If they have any questions about their rights, or wish to exercise their rights, they can contact the UIP or our Data Privacy Officer (DPO) via contact information provided on our website. The user also has the right to complain about our processing of their personal data to Datatilsynet

For Facebook Pixles - please see separate section above.


Retention of personal information

Data Retention

UIP stores your personal information as long as it is necessary to achieve the purposes for which the personal information was collected as defined in this statement. This means that we keep the personal data as long as you are registered with us, unless otherwise expressly stated.

Deletion

If you delete your account at Oslo Bysykkel, you immediately lose access to the service, and our client managers will no longer be able to see you. For operational reasons, however, it may take up to 3 months before all information about you is gone from UIP's systems.

However, continued storage of your personal data may be necessary as a result of UIP's need to:

  • establish, enforce or defend a legal claim, including to safeguard its interests in a dispute with you, for example. lost or damaged bike; as well as
  • fulfill statutory requirements, including requirements for continued storage under the accounting legislation. This applies, among other things, to payment and transaction history, which UIP is obliged to keep for up to 5 years according to bokføringsloven.

How do we protect your personal information

UIP takes its users 'privacy seriously, and has taken appropriate technical and organizational security measures to protect employees' personal information against violations of personal data security, unauthorized access to, and disclosure of personal information, including:

  • Communication with and between our services is encrypted.
  • Stored data is encrypted and is not available to our IT infrastructure subcontractors.
  • Data centers where your information is stored are physically secured against intrusion.
  • All reading of the information about you is logged so that this is verifiable.
  • Access internally occurs with updated software, and with 2-factor authentication at login.
  • Information on payments and payment cards is stored in secure PCI-certified systems by our payment provider PayEx.


Links to other sites

From time to time there may be links on UIP's website to other websites, including web pages operated by our partners. When you follow one of these links, you leave our website. These third-party websites have their own privacy statements that determine how the web pages are operated, as well as how personal information is collected and processed. We recommend that you familiarize yourself with the third-party website's own privacy statements and terms of use when you visit and use these websites.


Amendments

From time to time, UIP will make changes to this privacy statement. An updated version of UIP's privacy statement will be available at all times in the app and on our website. You are encouraged to visit this page regularly to keep up to date with our current privacy statement. If UIP makes changes to the processing of personal data, this statement will be updated. You will be notified of these changes via our app, on the website and / or through the contact information you have provided.