Privacy statement #posifiets-app
This privacy statement provides information about how the #posifiets app handles personal data, processed in the context of its services.
The #posifiets app was developed by Mobidot B.V., which is also responsible for the management and processing of all personal data (hereinafter referred to as: ''the processor'') on behalf of the Zuid-Limburg Bereikbaar Program Office (hereinafter referred to as: ''Zuid-Limburg Bereikbaar''). Zuid-Limburg Bereikbaar is a partnership between the Ministry of Infrastructure and Water Management, the Province of Limburg and all sixteen municipalities in South Limburg. Together with many partners, Zuid-Limburg Bereikbaar works on accessibility, more efficient car use and sustainable mobility. For a healthy living, working and social climate in the region.
The processor cooperates with Keijzer B.V. in offering a support desk, with which the personal data can be shared. Keijzer B.V. is therefore the sub-processor. The storage of the data takes place in a data center in the Netherlands at Previder B.V.. Previder B.V. is therefore also a sub-processor. Keijzer B.V. and Previder B.V. are hereinafter also referred to as “the sub-processors”.
Zuid-Limburg Bereikbaar is part of the municipality of Maastricht. The municipality of Maastricht is the client for the development of the #posifiets app and is therefore the controller (hereinafter referred to as: "the controller").
Colosseum 44, 7521PT Enschede
Maliebaan 108, 3581CZ Utrecht
Expolaan 50, 7555BE Hengelo
Mosae Forum 10, 6211 DW Maastricht
The #posifiets app is part of the cycling promotion project for Zuid-Limburg Bereikbaar. With this app you gain insight into your daily cycling movements and you can save up for nice gifts with your cycling kilometers. The #posifiets app on your smartphone automatically measures where and when the bicycle is used and you as a user receive a reward for this. The #posifiets app is also used for fun challenges to make cycling even more challenging. Of course coupled with attractive prizes.
To achieve this goal, it is necessary to install the #posifiets app on your personal mobile phone (no company-owned business phone), create an account and collect (detailed) data about, among other things, your movements by bicycle. We need this collected data to determine your movements and to award any associated rewards and perhaps to make the traffic light turn green more quickly for cyclists.
The data the processor collects and processes on behalf of Zuid-Limburg Bereikbaar via the #posifiets app contains personal data. The data is collected to identify the user and the user shares this data with the #posifiets app to make optimal use of it. This privacy statement supplements the abbreviated privacy statement in the #posifiets app. In the event of any conflict between these or other conditions declared applicable, these conditions shall prevail.
Hereinafter, “we” or “us” also means Zuid-Limburg Bereikbaar (ZLB), together with its processor Mobidot.
- Via the #posifiets app we collect your movements (location data) via your personal mobile phone (not a business or company phone) with the aim of giving you insight into your own travel behavior and rewarding you for the smart travel choice.
- The #posifiets app automatically determines how and with what you move via the sensors of your phone. In addition, we collect your feedback about your travel experience via the #posifiets app.
- In order to identify you as an individual, you must create a user account in the #posifiets app. Your e-mail address is used as a unique username. You must also provide the four digits of your postal code so that we can check whether you meet the conditions for participation (account and profile information).
- Your personal journeys and feedback will not be shared with third parties, unless you do this yourself via the sharing options in the #posifiets app.
- Your travel data and feedback is anonymized and Zuid-Limburg Bereikbaar uses this for traffic engineering policy and makes it available for (scientific) research. This data is not sold.
- If you are cycling near a traffic light equipped for this purpose, an accelerated green may be requested automatically. This request is anonymous.
- While using the #posifiets app, Mobidot collects log data, such as the smartphone model you use and the amount of data exchanged daily. These are used by Mobidot to improve and optimize the service of the #posifiets app.
- If you contact the support desk of the #posifiets app, the contact details you specified (email, telephone number) on the part of Mobidot and Keijzer (support desk) will be used to provide an answer. This data may be kept by the support desk for training purposes or to improve the #posifiets app.
- You always have control over the data you provide or over the measured data. You can therefore withdraw your previously granted consent at any time. If you want your user account to be permanently terminated, you can contact the helpdesk via firstname.lastname@example.org and all your personal data will be removed from the Mobidot systems. If you only remove the #posifiets app from your phone, only the data stored locally on your phone will be removed. The data located at Mobidot is not automatically deleted. To do this, you must therefore contact the helpdesk via the above-mentioned e-mail address. For iOS phone owners there is a possibility in the app (via settings) to delete the account including all data from the app itself.
- You have the right to view all data recorded about you. If you believe that data has been recorded incorrectly, you can indicate to change it.
- We have a complaints procedure. If you have a complaint or believe that we are not handling your data correctly, you can make this known via email@example.com.
This privacy statement describes the guidelines for the information that the processor or sub-processor as well as the responsible party (collectively “We”, “Us”) collect and store when you use the #posifiets app.
As providers of the #posifiets app, we think it is very important that users can rely on us. This means that we handle data, and specifically personal data responsibly. The guidelines of this privacy regulation are in accordance with the General Data Protection Regulation (EU2016/679, hereinafter “GDPR”) and the guidelines of the Dutch Data Protection Authority.
The Municipality of Maastricht is the main assignment provider for Zuid-Limburg Bereikbaar, client of the #posifiets app, and within the meaning of the law responsible for the privacy-sensitive data processed via the #posifiets app. The project is carried out by a project organization. Within this project organization, the company Mobidot B.V. the processor and responsible for the development, keeping the #posifiets app available and the daily processing of the data used within the #posifiets app. This makes the processor within the meaning of the law processor of the privacy-sensitive data processed via the #posifiets app. The processor works closely and shares information with the project partner and sub-processor Keijzer B.V. for the purpose of running a support desk. To this end, all parties involved have signed a processing agreement with each other.
We collect your data on a voluntary basis through the use of the #posifiets app. By using the #posifiets app, you consent to the collection and processing of your personal data in accordance with this privacy statement. If you do not wish this, we request that you do not start using the #posifiets app (and your account) or immediately stop using the #posifiets app and ask us to delete your data in the specified in this privacy statement mentioned manner.
The #posifiets app is for personal use. You decide for yourself which data you want to provide to us and you are always in control of whether or not you give feedback and whether the #posifiets app measures your movements.
- Account information
- Collecting purpose: to provide access to the #posifiets app. Filtering appropriate challenges. Personalizing the #posifiets app.
- Data: profile name, e-mail address, zip code residential address (four digits); interests (sustainability, travel time, health or cost aspect); setting preferences.
- Contact details (only if you approach the support desk):
- Collection purpose: to provide support for specific questions or problems with the #posifiets app.
- Data: e-mail address and/or telephone numberSub-processor: Keijzer B.V.
- Address data
- Collecting purpose: being able to send a reward such as an entrance ticket or other prizes by post.
- Data: postal address
- Sub-processor: Keijzer B.V.
- Mobility data
- Collection purpose: collecting information about your travel behavior and travel experience. Support issuance reward for displayed travel behavior. Gaining insight into travel behavior and effects. Providing travel advice. To be able to show all your rides on a map, the #posifiets app needs permission to use your location at all times. The #posifiets app uses location in the background to passively register rides, even when you are outside the #posifiets app, including at what time you start or stop moving. The app only collects data about your travel behavior when you actually move.
- Core data: smartphone sensor (GPS, Wifi and Accelerometer) traces linked to times (“rides”), collected feedback on questions in the #positive app and via surveys on travel behaviour, motivation, demographics and travel experience.
- Log data
- Collective goal: to analyze and improve the performance and use of the #posifiets app.
- Core data: usage data/analytical data #posifiets-app and telephone (type of smartphone, operating system and version, battery level, sensing events, log data on performance #posifiets-app).
- Account information
If you use the #posifiets app, we collect your trips in a personal overview (“your rides”). The information derived by us concerns:
- Start and end time of each ride;
- Start and end point, route and infrastructure used during each trip;
- Distance traveled, journey time and average speed;
- (The probable) means of transport for each journey;
- Frequently visited places and times;
- Frequently chosen routes and times;
- Relation between the means of transport used;
- Weather conditions during the ride;
- Estimate of costs, CO2 savings and calories burned per trip;
- Any feedback given.
In addition, via the #posifiets app we ask for additional demographic background information, bicycle use for the use of the #posifiets app and motivation. This measures and evaluates the effects of the #posifiets app.
We do not knowingly process personal data of children under the age of 16. If it appears that we have collected personal data from someone under the age of 16 who has not been given permission by parents or guardian, the relevant account will be closed immediately and all personal data will be deleted.
We anonymize all your processed travel data and feedback you provide about travel experience by aggregating and randomizing it. After this, the data can no longer be traced back to you.
Anonymization is achieved by pooling information from multiple users and randomizing the information. Randomization includes:
- Cut away 0-200 meters at the start and end of measured routes;
- Removal of user information so that, for example, it can no longer be traced that the bicycle ride from A to B on Tuesday was carried out by the same person as the ride from C to D on Friday;
- Shift data in time with a randomly determined offset of random -30 and +30 minutes.
We use a number of reward partners to be able to use our #posifiets app and to fulfill our obligations. These reward partners help us to provide rewards or additional services. These reward partners do not have access to your personal information or account.
We may contract additional third parties to provide, expand or perform our obligations on the #posifiets app, but will never provide your personal information to these third parties without your prior consent. These third parties will always be required to protect your personal data in accordance with this privacy statement.
In the event that any of the performing parties is sold or transferred, or in the event that substantially all of the assets of any of the performing parties are sold or transferred to a third party, you will be notified in advance and you will have the right to account and have all your personal data deleted. In any case, the third party has the obligation to take over your rights with regard to your personal data as described in this privacy statement.
The municipality of Maastricht does not store any personal data. The processor retains the personal data on behalf of Zuid-Limburg Bereikbaar (municipality of Maastricht) only for as long as necessary for the purpose of the project and as determined by the municipality of Maastricht, unless it is required by law to retain certain personal data for a longer period of time. At the end of the term of the project, all collected and derived personal data will be permanently removed from the processor's systems within 3 months.
You always have control over your personal data. You can therefore withdraw your previously granted consent at any time. If you want to terminate your #posifiets account, you must indicate via support@#posifiets-app.nl that you no longer wish to use the #posifiets app. We will then close your account within ten working days and remove all your collected and derived personal data from our systems within four working weeks, unless we are required by law to retain certain data for a longer period of time. If the latter is the case, we will inform you of this. If you only remove the #posifiets app from your phone, only the data stored locally on your phone will be removed. The data located at Mobidot is therefore not automatically deleted. To do this, you must therefore contact the helpdesk via the above-mentioned e-mail address. For iOS phone owners there is a possibility in the app (via settings) to delete the account including all data from the app itself.
You always have control over your personal data. We offer you choices within the #posifiets app regarding the collection, use and sharing of your data. This choice may have consequences for the services, functionality and information that we can provide you. Via the #posifiets app you can largely view your travel behavior and change, correct or revise a number of parts yourself.
You have the right to know what personal data has been recorded about you and with whom we share it. Do you want to view them? Send an email to firstname.lastname@example.org. We will then provide you with this information within four working weeks. In addition we can:
- change your personal, if you rightly indicate that they are not correct;
- delete your personal data (under conditions).
You can only view, change or delete your own personal data. We ask you to identify yourself. You are not allowed to view data of other persons. An unreasonable number of requests from an individual may result in charges for this feature.
Since Zuid-Limburg Bereikbaar is carrying out this project, it will have access to the anonymised mobility data and impact reports with the aim of gaining statistical insight into travel movements at regional level in order to improve accessibility, monitor and evaluate current mobility policy and stimulate sustainable transport.
Anonymised mobility data is also used for (scientific) research and for communication and promotion of the results and effects of the application of the #posifiets app to a wider audience.
We will never provide, distribute or disclose your personal information and non-anonymised mobility data to third parties, unless we are required to do so to:
- to comply with legal regulations or case law;
- to prevent serious prohibited or illegal activities;
- take actions to protect the interests of you or other users;
- defend the rights or property of Zuid-Limburg Bereikbaar, the municipality of Maastricht, Mobidot or other third parties;
- to execute this privacy statement.
You are responsible for sharing or showing information that you obtain from the #posifiets app. We can never be responsible for the use, misuse, collection or disclosure of information outside of the #posifiets app.
The information collected is not transferred outside the European Union.
To protect the personal data, we have taken measures in accordance with Article 32 GDPR. We take administrative, process, technical and physical measures to protect personal data against misuse, as well as unauthorized access, disclosure, alteration and destruction. We perform a Data Protection Impact Assessment (DPIA) on a regular basis.
- All Personal Data is stored and processed in a reliable, well-secured Data Center in the Netherlands with physical and logical access security, including organizational control. The processor uses Datacenter facilities of the Dutch company Previder (www.previder.nl). This data center is ISO 27001, 14001 and 9001 certified. In the context of privacy and data protection, the processor (Mobidot) has concluded appropriate contracts with Previder.
- Logical and physical access control to the ICT systems. The processor has digitally secured its system environment with a hardware firewall and monitors its system environment for unauthorized access and intrusion. We will take all reasonable steps to prevent unauthorized physical and digital access to our system environments and data by unauthorized persons. We do this, among other things, by equipping our system environments with recent operating systems and the latest (security) patches, which are recommended and supported by the suppliers for use in our system environments. In connection with the reliable use of the software used, we also strive for the optimal combination of all software components used.
- The communication between apps, data processing infrastructure and websites takes place via secure connections.
- We oblige our processors to process your personal data properly and carefully. We guarantee that our staff and anyone else engaged by us will comply with the provisions of the AVG, or the provisions of the Exemption Decree and the provisions of the municipality of Maastricht, if and insofar as they are involved in any way with the processing of personal data. Management of our system environments is carried out and monitored by authorized administrators employed by the companies involved, bound by an integrity contract and non-disclosure agreement;
- Only a limited group of administrators designated for this purpose within the project organization has access to the system environment. These administrators, who are authorized by administrators of the processor to be able to change certain settings, to make changes and/or to generate certain statistical overviews within the #posifiets app, each receive their own unique user ID and associated password.
- Data leaks are proactively reported by us to the person responsible and the Dutch Data Protection Authority.
- Security incidents can be reported at any time to support@#posifiets-app.nl.
If you believe that the use of your personal information is inconsistent with the purpose for which you provided it to us, as described in this privacy statement, or if you have any questions or suggestions regarding this privacy statement, you may contact us at support@#posifiets-app.nl. If desired, you can also contact the Data Protection Officer of Zuid-Limburg Bereikbaar via email@example.com.
If you believe that we are not handling your complaint correctly, you can always use your right to submit a complaint to the Dutch Data Protection Authority or to appeal to a competent court.
The Mobidot systems have been put together as carefully as possible and follow the current safety requirements. However, there may be a vulnerability that is not yet known to us. We ask users, researchers or ethical hackers to help prevent abuse and increase the security of our ICT systems. If a security problem is encountered on Mobidot's systems or unsecured information is found, please report this first and only via firstname.lastname@example.org. We will keep the reporter informed about the handling of the report.
We reserve the right to change this privacy statement from time to time. We do not limit your rights under this privacy statement without your consent. This also means that the rules for existing data cannot be changed and an amended privacy statement only applies to newly collected data. We will post changes to this privacy statement on this website and, if the changes are significant, we will provide a more prominent notice to you.
Do you have questions after reading this privacy statement? Or do you have questions about how we handle your personal data? Please feel free to contact us:
- Mobidot B.V. (the processor): email@example.com.
- Zuid-Limburg Bereikbaar (the person responsible): firstname.lastname@example.org.
Last modified: July 2023