Privacy Policy

1. Introduction

1.1. This Privacy Policy provides information about how Pedaly AB (Reg. No.: 559243–7999) ("Pedaly") handles and processes personal data, as well as the rights of data subjects.

1.2. This Privacy Policy is designed to ensure that Pedaly processes personal data in accordance with the General Data Protection Regulation ("GDPR") based on the principle of accountability. The policy applies to all processing of personal data, both in structured and unstructured formats.

1.3. Pedaly AB is the data controller for the processing carried out by or on behalf of Pedaly and is responsible for ensuring that such processing is in compliance with this Privacy Policy and GDPR.

1.4. By contacting Pedaly, using the Pedaly mobile application ("the Pedaly app"), or entering into an agreement with Pedaly regarding any of the services or products offered, personal data may be processed in accordance with this Privacy Policy and GDPR.

1.5. Pedaly updates this Privacy Policy as needed and reviews its content at least once (1) per year to ensure that the information is up to date and in line with our processing activities. The latest version is always available at: www.pedaly.se/privacy.

2. Definitions

2.1. Personal Data: Any information relating to an identified or identifiable natural person. Examples include name, personal ID number, address, phone number, and email address.

2.2. Data Processing: Any operation performed on personal data, such as collection, registration, storage, structuring, etc.

2.3. Data Subject: The individual who can be directly or indirectly identified by the personal data.

2.4. Website: www.pedaly.se

3. Legal Basis for Data Processing

3.1. Under GDPR, a legal basis is required for processing personal data. Pedaly bases its processing mainly on four legal grounds: Contract, Legal Obligation, Consent, and Legitimate Interest.

3.2. Contract: This is the primary legal basis used. Pedaly processes data as necessary to fulfill its contractual obligations.

3.3. Legal Obligation: Pedaly may process personal data when required to do so by law.

3.4. Consent: The data subject may voluntarily and actively consent to the processing of their data for specific purposes. Consent can be withdrawn at any time via app settings or by contacting Pedaly support. Processing will cease as soon as possible upon withdrawal.

3.5. Legitimate Interest: Pedaly may process personal data to market its products/services, improve user experience, and protect its rights and property.

4. What Personal Data Pedaly Processes

4.1. Pedaly primarily processes the following personal data: name, personal ID number, phone number, email address, payment details, and any personal data provided by users or individuals in contact with Pedaly. We also process data generated from use of our services, such as bookings, location data, session duration, and usage data from app functions.

4.2. Technical data may also be processed via cookies or the mobile application, such as the user's IP address, GPS-based location (with permission), device information, app version, and usage behavior (e.g., clicks, navigation, session time).

5. Purpose of Processing Personal Data

5.1. Pedaly processes personal data primarily for the following purposes:

• Fulfilling contractual obligations (Legal Basis: Contract)

• Providing products and services, including booking and usage of bike parking or bike share (Legal Basis: Contract)

• Enabling app functions such as push notifications, map services, and QR-code unlocking (Legal Basis: Contract/Consent)

• Sending parking reminders via push, SMS, or email (Legal Basis: Contract/Legitimate Interest)

• Performing direct marketing (Legal Basis: Legitimate Interest)

• Improving user experience and analyzing app behavior (Legal Basis: Legitimate Interest)

• Collecting user feedback to improve our services (Legal Basis: Legitimate Interest)

• Complying with legal obligations (Legal Basis: Legal Obligation)

• Preventing fraud and ensuring technical functionality (Legal Basis: Legitimate Interest and Legal Obligation)

6. How Pedaly Collects Personal Data

6.1. Pedaly collects personal data through interactions such as phone, email, contact forms, or when using the Pedaly app.

7. Where Personal Data is Stored

7.1. Pedaly strives to store all personal data within Sweden and the EU.

8. Retention Period

8.1. Personal data is only retained for as long as necessary for the purposes for which it was collected.

9. Sharing of Personal Data

9.1. Pedaly may share personal data with subcontractors acting as data processors for the delivery of services. Sharing is done only to the extent necessary. Personal data is never shared with third parties for marketing purposes without the data subject’s explicit consent.

10. Rights of the Data Subject

10.1. Data subjects have the right to:

• Have inaccurate personal data corrected

• Have personal data erased

• Object to data processing

• Request restriction of processing

• Request access to data in a structured, machine-readable format

11. Security Measures

11.1. Pedaly employs technical and organizational security measures to protect personal data from unauthorized access and misuse.

12. Data Incidents and Complaints

12.1. If a data subject has a complaint, they may contact Pedaly’s data protection representative or the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

12.2. Pedaly’s contact person for privacy matters:

Name: Ali Taleb
Email: ali.taleb@pedaly.se
Phone: +46 73 988 96 84