1. Introduction
The purpose of this policy is to ensure that My Bike Coin processes personal data in compliance with data protection laws, including the General Data Protection Regulation (GDPR).
This policy applies to all employees, contractors, and third parties who have access to personal data.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation or set of operations performed on personal data (e.g., collection, storage, modification, deletion).
  • Data Controller: The organization that determines the purposes and means of processing personal data.
  • Data Processor: A person or organization that processes data on behalf of the Data Controller.

3. Data Protection Principles
MyBikeCoin is committed to processing personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency.
  • Data collected for specified, explicit, and legitimate purposes.
  • Data minimization (only what is necessary).
  • Accuracy and keeping data up-to-date.
  • Limiting storage to the period necessary for processing.
  • Ensuring the security of personal data through appropriate technical and organizational measures.

4. Data We Collect
We may collect the following types of personal data:

  • Personal Information: Name, surname, email address, physical address, IP address.
  • Payment Information: For processing transactions (if applicable).
  • Location and Activity Data: Data collected through third-party integrations such as Strava. We collect mileage data from users who connect their Strava accounts to our platform.
  • Wallet Information: In cases where users need to open a Bike Coin wallet, we use Xumm solely for that purpose.

5. Purpose of Data Collection
We process personal data for the following purposes:

  • To fulfill contractual obligations and provide our services.
  • To enhance and personalize user experience.
  • For marketing activities (with user consent).
  • To comply with legal obligations and ensure security.

6. Legal Basis for Processing
We process personal data based on the following legal grounds:

  • User consent.
  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests of [Your Company/Organization Name].

7. How We Protect Your Data
We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption and secure servers.
  • Restricted access to personal data (only authorized personnel).
  • Regular security updates and testing.

8. Your Rights
You have the following rights regarding your personal data:

  • Access to your personal data.
  • Correction of inaccurate or incomplete data.
  • Deletion of your data ("right to be forgotten").
  • Restriction of data processing under certain conditions.
  • Data portability, allowing you to request a transfer of your data to another service provider.
  • Objection to the processing of your data.

9. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law.

  • For example, personal data may be retained for up to 5 years after the end of the service, unless legal requirements stipulate otherwise.

10. Sharing Data with Third Parties
We do not share personal data with third parties without user consent, except when required by law or necessary to provide our services.

  • We collect mileage data through Strava integration when users link their accounts. This data is used solely to track user activity and improve service offerings.
  • Xumm is used exclusively for opening Bike Coin wallets. No additional personal data is collected or processed through Xumm beyond what is necessary for wallet creation.

11. International Data Transfers
If we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other legally approved mechanisms.

12. Data Breach Notification
In the event of a data breach that poses a risk to personal data, we will notify the relevant supervisory authority and affected individuals within 72 hours, as required by law.

13. Contact Information
For any questions regarding data protection, please contact:
MyBikeCoin
Email: [info@mybikecoin.com]
Person: MyBikeCoinAdmin (Marjan)

14. Changes to This Policy
We may update this Data Protection Policy from time to time. Significant changes will be communicated through [email, our website, etc.].