PRIVACY POLICY

Introduction

Bike It International Limited, referred to as “Bike It”, “our”, “we”, or “us”, respects your privacy and are committed to protecting your personal data. This privacy notice informs you how we look after your personal data when you visit our website (regardless of where you visit it from) and tells you about your privacy rights and how the law protects you. By using the site, you are accepting the practices described in this privacy policy.

Important Information and who we are

This privacy notice aims to give you information on how Bike It collects and processes your personal data through your use of this website, including any data you may provide through this website.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements any specific notices and is not intended to override them.

With respect to information collected from this website, Bike It are the data controller and responsible for this website.

We are also a data processor with respect to third-party data provided to us by our customers and processed in accordance with their instructions. Where Bike It are the data processor, you should make any requests for information or to exercise your rights directly to the data controller.

Changes to the privacy policy and your duty to inform us of changes

Our privacy policy is under regular review and any updates will be published at this URL. Please review the policy regularly to keep up to date with 
changes.

It is important that the personal data we hold about you is accurate and up to date. It is your responsibility to update us of any changes to your personal data during your relationship with us.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. By clicking on the links or enabling the connections, it may allow third parties to collect or share data about you. We have no control over the third-party websites and are not responsible for their privacy statements. It is recommended that you read the privacy notice of every website you visit.

How to Contact Us

If you have any questions about this privacy policy, including any request to exercise your legal rights, please contact us using the detail below.

Data Privacy, Bike It International Limited, Unit 9 Oriana Way, Nursling Industrial Estate, Southampton, Hampshire, SO16 0YU

[email protected]

We would appreciate the chance to deal with any concerns, so please contact us in the first instance.

The types of personal data we collect and use

• Identity and Contact Data including contact information (e.g. billing address, shipping address, email address, home and mobile telephone numbers, 
username, full name, title)
• Financial Data (e.g. Bank account and payment card details)
• Transaction Data (e.g. Details about payments to and from you and other details of products and services you have purchased from us)
• Profile Data (e.g. username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses)
• Usage Data (e.g. How you use our website, products and services)
• Communication and Marketing Data (e.g. Your communication preferences and your preferences for receiving marketing from us and our third parties)

We also collect aggregated data, which may be derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case we may need to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Automated decision making and processing

As you interact with our website, we may automatically collect usage data about your equipment, browsing actions and patterns. We collect this personal data using cookies, server logs and other similar technologies. We may also receive usage data about you if you visit other websites employing our cookies.

Cookies

We may set and access Cookies on your computer. First-party Cookies that may be placed on your computer are detailed in Schedule 1, and third-party Cookies that may be placed on your computer are detailed in Schedule 2. All Cookies used by the Web Site are used in accordance with current UK and EU Laws.

We have carefully chosen these Cookies and use them to facilitate certain functions and features of the Web Site. We also use Cookies for analytics 
purposes. These Cookies track your movements and activities on the Web Site and are designed to give us a better understanding of our users, thus 
enabling us to improve the Web Site and our services. Before the Web Site sets Cookies on your computer, you will be presented with a message 
requesting your consent to set those Cookies. None of the Cookies set by the Web Site jeopardise your privacy in any way and no personal data is collected. By giving your consent to the setting of our Cookies you are enabling us to provide the best possible experience and service to you through our Web Site. If you wish to deny your consent to the placing of Cookies, certain features of the Web Site may not function fully or as intended.

Certain features of the Web Site depend upon Cookies to function and are deemed, within the law, to be strictly necessary. These Cookies are detailed in Schedule 1. You will not be asked for your consent to place these Cookies however you may still disable cookies via your web browser’s settings. You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling Cookies may prevent you from using the full range of Services available on the Web Site. You may delete Cookies at any time however you may lose any information that enables you to access the Web Site more quickly.

The Web Site uses the third-party Cookies detailed in Schedule 2 for the purposes described therein. These Cookies are not integral to the services 
provided by the Web Site to you and may be blocked at your choosing via your internet browser’s privacy settings or via your response to the request for consent. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the 
developer of your browser if you are unsure as to how to adjust your privacy settings.

Schedule Schedule 1: Strictly Necessary Cookies
O2CAllowCookies – Stores cookie opt in/out settings
Schedule 2: Third-Party Cookies
__utma (Google) – Google Analytics
__utmb (Google) – Google Analytics
__utmc (Google) – Google Analytics
__utmt (Google) – Google Analytics
__utmz (Google) – Google Analytics

Using your personal data: the legal basis and purposes

We’ll process your personal data:

1) As necessary to perform our contract with you for the relevant account, policy or service:

a) To take steps at your request before entering into it;

b) To decide whether to enter into it;

c) To manage and perform that contract;

d) To update our records;

e) To trace your whereabouts to contact you about your account and recovering debt.

2) As necessary for our own legitimate interests or those of other persons and organisations, e.g.:

a) For good governance, accounting, and managing and auditing our business operations;

b) To search at credit reference agencies if you apply for credit;

c) To monitor emails, calls, other communications, and activities on your account;

d) For market research, analysis and developing statistics;

e) To send you marketing communications, including automated decision making relating to this

3) As necessary to comply with a legal obligation, e.g.

a) When you exercise you rights under data protection law and make requests;

b) For compliance with legal and regulatory requirements and related disclosures;

c) For establishment and defence of legal rights;

d) For activities relating to the prevention, detection and investigation of crime;

e) To verify your identity, make credit, fraud prevention and anti-money laundering checks;

f) To monitor email, calls, other communications, and activities on your account

4) Based on your consent, e.g.

a) When you request us to disclose your personal data to other people or organisations, such as a company handling a claim on your behalf, or otherwise
agreed to disclosures;

b) To send marketing communications where we have asked for your consent to do so.

You are free at any time to change your mind and withdraw your consent. The consequences might be that we can’t do certain things for you.

Sharing of your personal data

Subject to applicable data protection law, we may share your personal data with:

• Subcontractors and other persons who help us provide our products and services;
• Companies and other services providing services to us;
• Our legal and other professional advisors, including our auditors;
• Fraud prevention agencies, credit reference agencies, and debt collection agencies when we open your account and periodically during your account or
service management;
• Other organisations who use shared databases for manage/collect arrears;
• Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators);
• Courts, to comply with legal requirements, and for the administration of justice;
• To protect the security or integrity of our business operations;
• When we restructure or sell our business or its assets or have a merger or re-organisation;
• Market research organisations who help to improve our products or services;
• Payment systems (e.g. processing payments);
• Anyone else where we have your consent or where it is required by law.

Your marketing preferences and related searches

We’ll use your addresses, phone numbers, email addresses and social media (e.g. Facebook and message facilities in other platforms) to contact you 
according to your preferences. You can change your preferences or unsubscribe at any time by contacting us. In the case of social media messages, you can manage your social media preferences via that social media platform.

If you have previously told us that you do not want information on products or services or to be included in market research, we will continue to respect your wishes.

Criteria used to determine retention periods

The following criteria are used to determine data retention periods for your personal data:

• Retention in case of queries. We will retain your personal data as long as necessary to deal with your queries;
• Retention in case of claims. We will retain your personal data as long as you might legally bring claims against us;
• Retention in accordance with legal and regulatory requirements. We will retain your personal data after your account has been closed or has otherwise
come to an end based on our legal and regulatory requirements.

Your legal rights

Where we are the data controller you have the following rights in relation to your personal data, (note that these rights do not apply in all circumstances).

• The right to request access to your personal data and information about how we process it;
• Rights in relation to automated decision making.
• The right to be informed about our processing of your personal data;
• The right to object to processing of your personal data;
• The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed.
• The right to restrict processing of your personal data;
• The right to move, copy or transfer your personal data (“data portability”);
• The right to have your personal data erased (the “right to be forgotten”)

If you wish to exercise any of the rights set out above, please contact us. Where we are the data processor, you should make your request directly to the data controller.

Usually you will not have to pay a fee to access your personal data, or to exercise any of the other rights, however we reserve the right to charge a 
reasonable fee if your request is excessive, repetitive or clearly unfounded. Alternatively, we may refuse to comply with your request in these 
circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data, or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests, where we are the data controller, within 30 days. Occasionally it may take us longer if your request is 
particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, the Information Commissioner’s Office in the UK. https://ico.org.uk

Change of purpose

We will use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or 
permitted by law.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed or used in an 
unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on our instructions, where we are the data controller, or on the data controller’s instructions, when we are the data processor, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.