Privacy Policy

1. Data Controller

RRRentals ("we," "our," or "us") is the data controller responsible for your personal data.

Contact Information:

• Email: info@gethigh.studio
• Phone: +358 406 784 402
• Location: Helsinki, Espoo, Vantaa, Finland

We are committed to protecting your privacy and ensuring the security of your personal data in accordance with applicable data protection laws, including the GDPR.

2. Types of Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Identity and Contact Data

• Full name
• Email address
• Phone number
• Date of birth (for age verification)
• Government-issued ID (for verification purposes)

2.2 Rental and Usage Data

• Booking details (dates, times, locations)
• Payment information (processed securely through payment providers)
• Rental history and preferences
• Communication records (emails, messages, support requests)

2.3 Technical and Location Data

• Device information (IP address, browser type, operating system)
• Website usage data (pages visited, time spent, clickstream data)
• Bike location data (through GPS tracking devices for security and maintenance)
• Cookies and similar technologies (see Section 8)

2.4 Special Categories of Data

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). If you provide such data voluntarily, it will be processed only with your explicit consent.

3. How We Collect Your Data

We collect personal data through:

• Direct interactions: When you create an account, make a booking, contact our support, or provide feedback
• Automated technologies: When you interact with our website (cookies, analytics)
• Third parties: From payment processors, business partners, or publicly available sources (where permitted by law)
• Bike tracking systems: Location data from GPS devices installed on our bikes for security and operational purposes

4. Purposes and Legal Basis for Processing

We process your personal data based on the following legal grounds:

4.1 Contractual Necessity

To fulfill our rental agreement with you:

• Processing bookings and payments
• Providing the rented bike and related services
• Managing your account and rental history
• Communicating about your rental (confirmations, updates, reminders)

4.2 Legitimate Interests

To operate and improve our business:

• Website analytics and optimization
• Preventing fraud and ensuring security
• GPS tracking for bike security and recovery
• Marketing our services (where you have not opted out)
• Customer service and support improvements

4.3 Legal Obligations

To comply with legal requirements:

• Tax and accounting records
• Reporting to authorities (where required by law)
• Enforcing our Terms and Conditions

4.4 Consent

For specific purposes where you have given explicit consent:

• Marketing communications (email newsletters, promotional offers)
• Processing of special categories of data (if provided)
• Non-essential cookies

5. Data Sharing and Third Parties

We may share your personal data with:

5.1 Service Providers

• Payment processors: To handle secure transactions
• Cloud hosting providers: For website and data storage
• Communication platforms: For emails and notifications
• Analytics providers: For website usage analysis
• Maintenance partners: For bike servicing and support

All service providers are contractually obligated to protect your data and may only process it for specified purposes.

5.2 Legal and Regulatory Authorities

We may disclose your data when required by law, regulation, or legal process, or to protect our rights, property, or safety, or that of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to confidentiality protections.

5.4 International Transfers

Your data is primarily processed within the European Economic Area (EEA). If transferred outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses or adequacy decisions.

6. Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Account data: 5 years after last activity or account closure
• Booking and payment records: 7 years for tax and accounting purposes
• GPS location data: 30 days (for operational and security purposes only)
• Marketing consent: Until withdrawal of consent or 2 years after last interaction
• Cookies: As specified in our Cookie Policy (typically 1-24 months)

After retention periods expire, data is securely deleted or anonymized.

7. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of sensitive data in transit and at rest
• Secure access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection and privacy
• Incident response and breach notification procedures

While we strive to protect your data, no transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

8.1 Essential Cookies

• Required for website functionality (e.g., session management, authentication)
• Cannot be disabled without affecting website operation

8.2 Analytics Cookies

• Help us understand how visitors use our website
• Collect anonymous information about page views, navigation patterns
• Can be managed through your browser settings

8.3 Marketing Cookies

• Used to deliver relevant advertisements
• Require your explicit consent

You can manage cookie preferences through your browser settings or our cookie consent tool (if available).

9. Your Data Protection Rights

Under GDPR, you have the following rights:

9.1 Right to Access

You can request a copy of your personal data we hold (subject to verification).

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to Be Forgotten")

You can request deletion of your data, subject to legal exceptions.

9.4 Right to Restriction of Processing

You can request temporary restriction of processing in certain circumstances.

9.5 Right to Data Portability

You can receive your data in a structured, commonly used format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9.8 Right to Lodge a Complaint

You have the right to complain to the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe we have violated data protection laws.

10. GPS Tracking and Location Data

Our bikes are equipped with GPS tracking devices for:

• Security: Theft prevention and recovery
• Safety: Emergency location services
• Operational efficiency: Maintenance scheduling and bike availability
• Customer service: Assistance if you get lost or need help

10.1 What We Track

• Bike location (latitude, longitude)
• Movement patterns (for security and operational purposes only)
• Bike status (in use, available, maintenance)

10.2 What We Do Not Track

• We do not continuously monitor personal movement patterns
• We do not use location data for profiling or marketing without consent
• We do not share precise location data with third parties except for security or legal reasons

10.3 Retention of Location Data

GPS location data is retained for 30 days only, unless needed for security investigations or legal requirements.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The "Last Updated" date at the top indicates when changes were made. We will notify you of significant changes via email or website notice. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries or to exercise your rights: