PRIVACY POLICY
Last modified: 24.05.2018
Date of entry into force: 25.05.2018 The privacy of RISER's users is very important to us. In this Privacy Policy, RISER explains the basic principles, such as what information RISER collects and how RISER deals with users' information.
The most important points:
- Every user has the option of determining to whom the information he uploaded or created with RISER, is visible. Depending on these settings, information can therefore be publicly visible to every registered user on RISER.
- The protection of data and information of RISER's users is very important to us. Therefore, RISER provides various options or settings by means of which the user can opt for a respective privacy setting.
- RISER is always working on integrating more privacy / privacy settings into the mobile app as well as the web platform.
- Information aggregated by RISER may be used for business purposes and will be anonymized.
At RISER, we respect the privacy of all users and are therefore always concerned about the security of information transmitted by users to the RISER platform (mobile applications & website).
In this privacy policy RISER explains:
- which data and information RISER collects
- how this data is used and shared
- which privacy settings are available to the user
- which rights the user has in regards to the use of RISER
This Privacy Policy has been written in German and translated into other languages. The legal basis is therefore exclusively the German version of this privacy policy.
Questions regarding this Privacy Policy can be sent via e-mail to privacy@riserapp.com or by post to the address below. RISER strives to answer any questions as quickly as possible.
Headquarters:
RISER GmbH
Franz-Josefs-Kai 49/22
1010 Vienna, Austria
In the following Privacy Policy, all services and platforms as well as the mobile applications, the website and also the blog developed and provided by RISER are meant where the term “RISER”, “website” or “platform” are being used. “RISER” means the company, RISER GmbH, too.
1. GENERAL & LEGAL BASIS
1.1 RISER is an online platform whose services are based on the collection and publication of motorcycle-based data within the RISER platform (web) riserapp.com and the mobile application. Subsequently, the mobile application and the web platform / website are summarized as a platform. This information is collected from individual users and made available to other users on the platform. The processing of data and information takes place only with the consent of the user.
1.2 The GDPR becomes effective on May 25, 2018 and provides a clarification of the RISER GmbH and its services with regard to the legal basis of data processing in accordance with Article 13 of the GDPR. Unless otherwise specified, the basis for obtaining consent is Article 6 (1)(a) and Article 7 GDPR. The processing for the fulfillment of RISER's services and services as well as the execution of contractual measures and the answering of inquiries is subject to Art. 6 (1) (b) and the legal basis for processing to fulfill RISER's legal obligations is Article 6 (1) (c) GDPR. The legal basis for processing in order to ensure RISER's legitimate interests is Article 6 (1) (f) GDPR.
Art. 6 (1) (d) GDPR provides the legal basis for the processing of personal data in case essential interests of the user make this necessary.
2. DATA SECURITY MEASURES
Safety is a big issue for RISER and therefore RISER deals with the data of RISER's users with the utmost care. This means that RISER protects all data and information by using the latest technologies against loss, unauthorized manipulation and access by unauthorized persons.
2.1 For security reasons, among other things, all data and information is encrypted during transmission between browser, client (smartphone) and server. Backups of the data reduce the risk of data loss.
3. PURPOSE OF DATA PROCESSING AND LEGITIMATE INTERESTS
The storing and evaluation of the collected data serves the continuous enhancement of the mobile services and furthermore the expansion of functions and services of the mobile application and online platform riserapp.com.
3.1 RISER processes the data and information of RISER's users in order to pursue RISER's legitimate interests. As already mentioned in 1.2, the legal basis for pursuing RISER's legitimate interests is Article 6 (1) (f).
3.2 In order to be able to provide RISER's services and to constantly expand and extend them, it is necessary to process user data. This is done in the legitimate interest of RISER in order to be able to offer its users long-term new and innovative functions and services. While RISER endeavors to apply reasonable security to the sensitivity of the information, RISER can not fully guarantee the security of such information with respect to theft, erasure or manipulation by unauthorized persons.
3.3 In addition, user data can be processed to ensure the security of the platform and to protect against spam and abuse.
4. DATA COLLECTED BY RISER
4.1 RISER collects location data recorded by the user during a trip as well as the information voluntarily provided by the user regarding his activities, such as: Descriptions, information on weather, length, duration, etc., to evaluate, prepare and present them to the user. Furthermore, it is also possible for the user to endorse his own motorcycle models on his profile and to link them with activities.
4.2 The information requested by RISER during registration includes:- First and Last Name
- E-mail address
- Date of birth (optional)
- Gender (optional)
- Own motorcycle (optional)
- Activity-related data such as
- Location data (GPS)
- Sensor data
- Length and duration of an activity
- Additional optional activity information such as:
- Title
- Description
- Marked friends
- User-specific weather information
- Photos
4.4 In order to be able to use location-based services of the mobile application, RISER stores the data collected, evaluates it and makes it available to the user within the app as well as on the web platform (riserapp.com).
Depending on the user-selected privacy setting, this information may only be seen by him, his friends, or the entire RISER community (private, friends & public).
The user has the option to make the desired privacy setting when completing an activity / trip or creating a section. The sharing of content on the third party platform Facebook takes place exclusively with the consent of the user or by hand selecting the sharing function.
- First and Last Name
- Profile picture (optional)
- Cover image (optional)
- Friends list
- Motorcycle (optional)
4.6 By registering, the user agrees to the RISER Terms of Service and Privacy Policy.
5. COMMENTS, CONTRIBUTIONS AND LIKE INFORMATION
5.1 User-submitted comments on trips, sections and motorcycles on the website and mobile applications are stored including the IP address of the user.
5.2 Posted comments or posts and conversations in Getaways are also stored including the IP address of the user.
5.3 Like - statements will be saved as well as comments and posts including IP address.
5.4 The storage of the IP address is necessary to maintain security and can be evaluated as a result of violations of the Terms of Service, for example, by offensive, inflammatory or illegal comments. Thus, RISER can ensure that the identity of the author is granted and legal certainty is ensured in the event of a legal breach.
6. STORAGE DURATION
The collected data will not be stored longer than necessary for the above mentioned purposes. By deleting a user account, all individual related data will be erased if the storing of personal data is no longer required due to enforcement of the terms of service or due to compliance of legal requirements.
7. PRIVACY LEVELS / PRIVACY SETTINGS
7.1 Every user has the possibility to decide, which user groups have access to activities/trips and the related data. Before saving an activity/trip or a section, the user can set the privacy level to one of the following three values:
7.1.1 Public: Every registered user on RISER is able to see activities/trips that were finished and uploaded to the server including all the connected data and information for this activity/trip (title, description, locations, photos, tagged friends etc.).
7.1.2 Friends: Every user who is in direct friendship to the creator of an activity/trip or section is able to see activities/trips that were finished and uploaded to the server including all the connected data and information for this activity/trip (title, description, locations, photos, tagged friends etc.).
7.1.3 Private: Only the user and creator of an activity/trip or section is able to see that activity/trip or section with the collected data and all related information (title, description, locations, photos, tagged friends etc.).
7.2 Every user has the possibility to decide, which user groups have access to a created getaway and the related data. Before saving a getaway, the user can set the privacy level to one of the following three values:
7.2.1 Public: Every registered user on RISER is able to see and join a created getaway including all the connected data and information for this getaway (title, description, date, attendees, meeting point etc.).
7.2.2 Friends: Every user that is in direct friendship to the creator of the respective getaway is able to see and join a created getaway including all the connected data and information for this getaway (title, description, date, attendees, meeting point etc.).
7.2.3 Private: Only the users that are invited by the creator of that respective getaway is able to see and join a created getaway including all the connected data and information for this getaway (title, description, date, attendees, meeting point etc.).
7.3 Live Tracking allows users who have an active PRO-membership to share their current location on a web-based platform. When activating Live-Tracking, RISER creates a link that the user can then share with different persons, groups or platforms via different message channels (SMS, iMessage, WhatsApp, Facebook etc.)
7.3.1 With whom the user shares this link lies in their own responsibility. RISER assumes no liability concerning the accuracy or completeness of the data of registered users.
7.3.2 The user themself is responsible for their actions and commits themself to hold RISER harmless at any rate.
7.4 reWind allows the user to relive an already finished trip on an interactive 3D map (web-based). Furthermore the user can share this reWind via a created Link. RISER creates a link that the user can then share with different persons, groups or platforms via different message channels (SMS, iMessage, WhatsApp, Facebook etc.).
7.4.1 With whom the user shares this link lies in their own responsibility. RISER assumes no liability concerning the accuracy or completeness of the data of registered users.
7.4.2 The user themself is responsible for their actions and commits themself to hold RISER harmless at any rate.
8. USE OF INFORMATION & PASSING INFORMATION TO THIRD PARTIES
By registering on RISER, the user explicitly agrees to the terms of service and this privacy policy. Furthermore the user confirms, that they have read, understood and fully accept the terms of service and the privacy policy. The user agrees that RISER is authorized to use personal data for RISER internal purposes.
A transmission of user data to third parties (companies or persons) in the context of the processing of data occurs on the basis of RISER's legitimate interests, the consent of the user, a legal obligation or on the basis of a legal permission in accordance with Art. 6 (1) (b) GDPR.
RISER pays close attention to the selection of third parties regarding data processing. The commissioning of third parties happens accordingly to Art. 28 GDPR and a data processing agreement.
9. PROCESSING IN THIRD COUNTRIES
9.1 The processing of data and information in third countries is based on the protection of RISERs legitimate interests, the consent of the user, a legal obligation or a contractual obligation.
Basis for the processing of data in a third country is the presence of special conditions adapted to the sensitivity of the data. The basis for this is Art. 44 ff. GDPR. This can be regulated, for example, via separate data protection agreements such as the US "Privacy Shield".
A third country in this context is the country outside the European Union or the European Economic Area, and in connection with this also the processing of the data takes place outside the EU or the EEA.
A transmission of user data to third parties (companies or persons) for the purpose of data processing happens on the basis of RISERs legitimated interests, the consent of the user, a legal obligation or on the basis of a legal permission according to Article 44 (ff) GDPR.
10. PROTOCOL DATA
10.1 Based on RISER’s legitimate interest in accordance with Art. 5 (1) (f), RISER collects and saves so-called log or protocol data. This data includes information such as server name, date and time of the call of a service, transmission status, IP address, device information such as browser type and version of the user's operating system & a referrer URL. This log data will be stored a maximum of 30 days after creation, unless a longer storage is necessary for useful reasons (clarification of a problem or for evidence).
11. USER REQUEST & CONTACT
11.1 If the user contacts RISER (via email or social media), this information will be provided in accordance with Art. 6 (1) (b) GDPR for processing the request and can also be stored in a Customer Relationship System (CRM) or comparable organization structure. If no longer required, this data will be deleted.
12. GOOGLE ANALYTICS
12.1 The online platform www.riserapp.com uses the Google Analytics service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, in the legitimate interest (pursuant to Article 6 (1) (f) GDPR) and for the continuous improvement of the web platform and for gathering user statistics. All relevant information regarding the visit on the platform as well as the IP address is stored in a cookie (see point 15) and transmitted and stored on a Google server located in the USA. RISER uses Google Analytics with activated IP anonymization. In this case, the IP address of users within the European Union or other parties to the Agreement, are shortened by Google. Google uses this data on RISER's behalf and creates user profiles. Google Analytics provides RISER with the evaluation of this data. The transmitted data (IP address) will not be connected to any other Google data.
Google Inc. is certified under the Privacy Shield Agreement, thus ensuring compliance with European data protection law. Details and current status can be found under the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
12.2 The storage of cookies can be prevented by setting the right preferences within your browsing software. Disabling of cookies can lead to a limited functionality and is therefore not recommended.
By installing the following browser plug-in http://tools.google.com/dlpage/gaoptout?hl=en users of common browsers can prevent the participation in the evaluation by Google Analytics.
For more information about Terms of Use and Privacy, please visit https://www.google.com/analytics/terms/us.html or https://www.google.com/intl/en/policies/.
13. FABRIC
13.1 RISER uses the developer tool Fabric in the mobile applications for evaluating usability and user interaction within the app. Fabric is a tool of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google's privacy policy can be viewed at the following link: https://www.google.com/policies/privacy
The Fabric Terms and Conditions are available at the following link: https://fabric.io/terms
The use of fabric is based on the legitimate interest (analysis, development, improvement, optimization, security) of RISER acc. Art. 6 (1) (f) GDPR and serves to constantly improve the mobile application and associated services and functionalities. For the evaluation of the interaction RISER uses the tool Crashlytics. Crashlytics provides information about the use of the app and useful information about unforeseen crashes or other misbehavior of the application and helps RISER to correct any errors.
Google Inc. is certified under the Privacy Shield Agreement, thus ensuring compliance with European data protection law. Details and current status can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
14. FIREBASE
14.1 RISER uses the developer tool Firebase in the mobile applications for evaluating usability and user interaction within the app. Firebase is a tool of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google's privacy policy can be viewed at the following link: https://www.google.com/policies/privacy
The Firebase Terms and Conditions are available at the following link: https://firebase.google.com/terms/
The use of Firebase is based on the legitimate interest (analysis, development, improvement, optimization, security) of RISER acc. Art. 6 (1) (f) GDPR and serves to constantly improve the mobile application and associated services and functionalities. For the evaluation of the interaction RISER uses various Firebase tool. Those provide information about the use of the app and useful information about unforeseen crashes or other misbehavior of the application and helps RISER to correct any errors.
Google Inc. is certified under the Privacy Shield Agreement, thus ensuring compliance with European data protection law. Details and current status can be found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
15. COOKIES
15.1 The online platform riserapp.com uses so-called cookies for the optimization of the user-friendliness and usability as well as for the provision of some features. Cookies are files with configuration settings that are stored on the computer and in the browser. These cookies also allow RISER to provide customized offers and to perform certain user functions. RISER differentiates between temporary cookies, which are only stored for the duration of a user's session / visit on the website, and transient cookies. Transient cookies are stored for a longer period of time and may contain information that may be useful when visiting the website again (e.g. the login status to save the user from having to log in again).
15.2 By choosing the correct settings in the used browser, the user can prevent the creation and storage of cookies. This can lead to limitations in the functionality of the platform and is therefore not recommended. A general objection to the use of cookies for marketing purposes may be made, for example, via the website http://www.youronlinechoices.com/ (EU) or http://www.aboutads.info/choices/ (USA).
16. USED PLUGINS
16.1 FACEBOOK
16.1.1 RISER uses a plugin for the integration of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304.
With this plugin it is possible to share the recorded and edited content from within the mobile application with friends on Facebook. RISER will not share any information without the user's explicit permission. In order to post any activity or trip on Facebook, the user has to activate the „Share on Facebook“ function before saving and transferring the information to the RISER server.
The Facebook plugin may also use cookies to provide the functionality. These cookies are transferred and stored on the servers of Facebook. The user’s interaction with Facebook underlies the privacy policy of Facebook, USA.
Description to plugins can be found on this website: http://developers.facebook.com/docs/plugins/.
16.1.2 Purpose and scope of data collection and the further evaluation and utilization of the data by Facebook as well as the referring rights and preferences for protection of the user's privacy, can be found on: https://www.facebook.com/about/privacy.
16.1.3 There are many tools available on the internet that can block Facebook social-plugins in your browser.
16.2 CRASHLYTICS
16.2.1 RISER uses the Crashlytics (Crashlytics, Inc.) plugin for the continuous improvement of the mobile application (iOS). If an error occurs or the app crashes unexpectedly, relevant data such as device information, iOS-version and error logs are sent to Crashlytics.
Crashlytics' privacy policy can be found at https://try.crashlytics.com/terms/.
16.3 OpenStreetMap
As a map service RISER uses the services OpenStreetMap in the mobile applications as well as on the website. The OpenStreetMap Foundation service is based on the Open Data Commons Open Database license (ODbl for short). The privacy policy of the OpenStreetMap Foundation can be found at the following link: https://wiki.openstreetmap.org/wiki/Privacy_Policy
16.4 Mapbox
RISER uses a plugin from Mapbox Inc, 740 15th Street NW, 5th Floor, Washington DC 20005 for navigation within the mobile application.
The data protection regulations of Mapbox can be viewed at the following link: https://www.mapbox.com/dpa/
16.5 YouTube
RISER embeds videos from "YouTube" in its platform. YouTube is a video platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google's privacy policy can be viewed at the following link: https://www.google.com/policies/privacy/
There is also the possibility of an opt-out procedure to prevent this. Here's the link: https://adssettings.google.com/authenticated
16.6 Sentry
RISER uses services from GetSentry LLC on its website and the web-platform for monitoring the applications. The gathered information gets transferred, processed and stored on a server from Sentry within the USA. The United States of America are classified as an unsecure third country. However, Sentry voluntarily participates and is further certified in the US-EU-data protection agreement "Privacy Shield". Sentry commits itself to satisfy the European GDPR (General Data Protection Regulation).
Sentry's terms of service and privacy policy can be found under the following link: https://sentry.io/privacy/.
17. NEWSLETTER
The user has the option to sign up for the newsletter when registering. The RISER Newsletter may contain information about RISER, new products or services or promotional information.
A registration of the user to the newsletter takes place exclusively through the explicit consent in a so-called double-opt-in procedure. The user enters his email address and must confirm the correctness of the specified e-mail address in a subsequent email. Thus RISER prevents a false registration. Registrations for the newsletter are recorded by RISER in accordance with the legal requirements and serve as proof. This information includes the registration time, confirmation time, e-mail address and IP address. The logging takes place in RISERs legitimate interest in accordance with Art. 6 (1) (f) DSGVO and serves the improvement of the contents as well as representations and to be able to offer as secure a newsletter as possible.
The dispatch of the newsletter possible usage measurement takes place according to Art. 6 Abs. 1 lit. a GDPR.
The user can terminate the receipt of the newsletter at any time. For this there is a link at the end of each newsletter with which the user can unsubscribe from the newsletter. To protect RISERs legitimate interests, RISER may store email addresses for up to 3 years before final deletion. This serves as a proof of formerly granted consent.
For sending the newsletter, RISER uses the service of the service provider SendGrid Inc., 1801 California Street, Denver, CO 80202, USA. SendGrid Inc. is commissioned to send the newsletter pursuant to Art. 6 (1) (f) DSGVO on legitimate grounds.
The privacy policy can be viewed or accessed via the following link: https://sendgrid.com/policies/tos/#data-privacy
SendGrid can use various data in pseudonymous form to optimize and improve its own services. However, user data is not used by SendGrid to send emails to users.
The terms and conditions of SendGrid Inc. are available at the following link: https://sendgrid.com/policies/tos/
To measure the use or interaction with the newsletter so-called web beacons can be used. These beacons are stored on the servers of the service provider SendGrid and contain technical information (operating system, browser type and version), time of the call as well as the IP address.
RISER uses this information to pursue legitimate interests in order to constantly adapt and optimize the newsletter in order to offer the best possible experience to the user and, as a result, adapt the newsletter to the interests of RISER users.
18. INFORMATION / CORRECTION / TRANSFER AKA RIGHTS OF THE USER
18.1 The user has the right to request information about his data processed by RISER as well as a copy of this data in accordance with Art. 15 GDPR.
18.2 In accordance with Art. 16 GDPR, the user has the right to complete and correct his data regarding any wrong data concerning him.
18.3 In accordance with Art. 17 DSGVO, the user also has the right to have data relating to him deleted by RISER immediately or to demand a restriction of the processing of the data pursuant to Art. 18 DSGVO.
18.4 The user also has the right to receive his data in accordance to Art. 20 GDPR or to request the transmission of his data to other responsible persons/companies.
19. REVOCATION
19.1 In accordance with Art. 21 GDPR, the user has the right to object to the processing of his data at any time. This revocation can also be made against the processing for the purpose of direct mail.
20. DELETION
20.1 Processed data by RISER is deleted or restricted in processing in accordance with Art. 17 and Art. 18 GDPR. The collected data will not be stored longer than necessary for the fulfillment of the above purposes and will not conflict with any statutory retention requirements. Data required for the fulfillment of legal obligations are blocked and processed only to a limited extent. This applies to commercial and tax data and information. With the deletion of the user account all personal data of the user are deleted and are irretrievable. A subsequent restoration of this data is not possible.
21. USER AGREEMENT TO THIS PRIVACY POLICY
By registering on RISER, the user confirms that they have fully read and understood the privacy policy and terms of service. Furthermore the user agrees to the complete terms and commits to always act fair within the platform.
The terms of service can be found at www.riserapp.com/terms
These policies were originally composed in german language and therefore only the German version of these policies is binding and contractual basis.
22. CHANGES OF THIS PRIVACY POLICY
The services RISER offers may change from time to time and therefore it is necessary to keep the privacy policy up to date and adapt it to fit the current needs. RISER claims the right to make changes to the privacy policy at any given time or if needed. The current version of the privacy policy will be displayed on this site www.riserapp.com/privacy.
RISER recommends for every user to regularly check for updates or changes in this Privacy Policy.
This Privacy Policy may be adapted and adjusted at any time in reference to changes in law or policy. For changes requiring the consent of the user, RISER will inform the user. Only after consent, these policies will be effective for the user.
Only the german version of the these privacy policy is binding and contractual basis.
Last modified: 24.05.2018