GDPR Compliance

Welcome to our GDPR Compliance page. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those outside the EU that offer goods or services to EU residents.

How We Comply

We take GDPR compliance seriously and have implemented measures to ensure:

Transparent Data Processing: We clearly communicate what personal data we collect and how we use it
Legal Basis for Processing: We only process your data when we have a legal basis to do so
Data Minimization: We only collect data that is necessary for our services
Data Security: We implement appropriate technical and organizational measures to protect your data
Data Retention: We only keep your data for as long as necessary
Third-Party Management: We ensure our service providers also comply with GDPR

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request access to your personal data that we hold. You can request a copy of your data at any time.

2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances, such as:

The data is no longer necessary for the purposes it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

4. Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain situations:

You contest the accuracy of the data
The processing is unlawful but you don't want the data erased
We no longer need the data but you need it for legal claims
You have objected to processing and verification is pending

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Data We Collect

For our bike registry service, we collect and process the following types of data:

Account Information

Name
Email address
Password (encrypted)
Phone number (optional)

Bike Information

Serial numbers
Bike descriptions (brand, model, color, etc.)
Photos
Purchase receipts
Registration dates
Ownership transfer history

Usage Data

Search queries
Access logs
IP addresses
Device information

How We Use Your Data

We use your personal data for the following purposes:

Service Provision: To provide and maintain our bike registry service
Communication: To contact you about your account and service updates
Security: To protect against theft and verify ownership
Legal Compliance: To comply with legal obligations
Service Improvement: To analyze and improve our services

Data Sharing

We do not sell your personal data. We only share your data with:

Law Enforcement: When legally required or to prevent fraud
Service Providers: Third parties who help us operate our service (hosting, analytics, etc.)
Bike Ownership Transfers: When you initiate a transfer, relevant bike data is shared with the new owner

Data Security

We implement industry-standard security measures including:

Encryption of sensitive data (passwords, payment information)
Secure HTTPS connections
Regular security audits
Access controls and authentication
Data backup and recovery procedures

Data Retention

We retain your personal data only for as long as necessary:

Account Data: Until you delete your account
Bike Registry Data: For the lifetime of the registered bike or until you delete it
Transaction Records: As required by law (typically 7 years)
Usage Logs: Typically 12-24 months

International Data Transfers

If we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Other legally approved transfer mechanisms

Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

Changes to This Policy

We may update this GDPR compliance information from time to time. We will notify you of any significant changes by:

Posting a notice on our website
Sending an email to registered users
Updating the "Last Updated" date

Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Company: Bike Registry Oy
Business ID: 3594642-9
Email: privacy@bikeregistry.com
Contact Form: Available in your account settings

We will respond to your request within 30 days as required by GDPR.

Data Protection Officer

For questions about our data protection practices or GDPR compliance, you can contact our Data Protection Officer:

Email: dpo@bikeregistry.com

Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

For users in Finland, the supervisory authority is:

Office of the Data Protection Ombudsman
Website: https://tietosuoja.fi/en/home
Email: tietosuoja@om.fi

Last Updated: November 8, 2025

This GDPR compliance page is part of our commitment to transparency and data protection. For more information about how we handle your data, please also see our Privacy Policy and Terms of Service.