Privacy Policy

This Privacy Policy and the Terms of Sale govern the way in which Bip&Go processes its Customers’ Personal Data in accordance with French Law 78-17 of 6 January 1978 on Data Protection, the European General Data Protection Regulation 679/2016 of 27 April 2016 (“ GDPR ”), and any other national legislation (hereinafter, “ Applicable Law ”).

1. General information and Data Controller

This site is the property of Bip&Go SAS, a company with a share capital of €1,000 and registered office at 30 boulevard Gallieni, 92130 Issy les Moulineaux (NANTERRE TRADE REGISTER B 750 535 288). The publication manager is Mr. Arnaud QUEMARD, representative of SANEF and president of Bip&Go. This website is hosted on the French servers of the company OVH, the registered office of which is located at 2 Rue Kellermann 59100 Roubaix. All the data to which you have access is for information purposes only and cannot be used for commercial purposes. Under this Privacy Policy, and for the processing purposes detailed below, Bip&Go is considered the Data Controller.

2. Intellectual property

The Services, the Website and its content, including but not limited to all its graphic, visual, audio, photographic and textual elements, the architecture of the Website, and the databases that compose it (“Bip&Go Content”) are the exclusive property of Bip&Go or their respective owners. The extraction, reproduction, use and conservation of all or part of the Bip&Go Content is prohibited without express authorisation from Bip&Go. Bip&Go does not control all the sources of information to which it provides access and, considering the complexity of Data Processing, it cannot guarantee the completeness and exactness of the information that appears in Bip&Go Content or be held liable for errors and omissions in the displayed data. The creation of a hyperlink to www.bipandgo.com is subject to prior written agreement from Bip&Go. Bip&Go cannot, under any circumstances, be held liable for the information published on sites to which links have been created. This site respects copyright. All rights for protected works reproduced and communicated on this site are reserved. Unless authorised, all use of the works other than individual and private reproduction and viewing is prohibited.

3. Definitions

Under this Privacy Policy, the words and expressions mentioned hereunder will be defined as follows:

“ Customer ”: refers to any person who has subscribed to the Services offered by Bip&Go, especially via a registration process.

“ Cookie ”: a small text file issued by the publisher of the website visited and placed on the visiting computer’s hard drive (computer, smartphone, tablet, etc.), or any similar tracking technology. Cookies allow a Customer to be identified when they log on to a website and can memorise users.

“ Data ”: refers to the Personal Data processed in accordance with this Privacy Policy.

“ Personal Data ”: refers to Personal Data as defined in article 4 (1) of the GDPR.

“ General data protection regulation ” or “ GDPR ”: refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

“ Services ”: refers to the services offered on the Website, in Bip&Go applications and on any other website, application, communication or service associated with Bip&Go, including Services provided outside of the Website (in-branch subscription), to the exclusion of services expressly provided under another privacy policy.

“ Website ”: the Bip&Go website accessible at the address www.bipandgo.com or via any other address that may substitute it or via any redirection URL, including all the pages and sections that compose it.

“ Processor ”: refers to the natural or legal person, public authority, service or other entity that processes Personal Data on behalf of and according to the instructions of Bip&Go, in accordance with article 4 (8) of the GDPR.

“ Processing/Process ”: refers to any of the operations provided for in article 4 (2) of the GDPR carried out on Personal Data in accordance with this Privacy Policy.

“ Personal Data Breach ”: refers to security breaches as defined in article 4 (12) of the GDPR.

“ Visitor ”: refers to anyone who has only accessed the Website, without becoming a Customer.

Any modification to any of the definitions in this article 3 resulting from a modification to the Applicable Law will be applied automatically on the date it comes into effect or the date on which the modification is applied to national legislation in the European member state where Bip&Go is established or the European member state where the Processing takes place in accordance with this Privacy Policy.

4. Data collected and associated purposes

4.1 Data transmitted by the Customer

4.1.1 During registration

Bip&Go collects and processes personal data in order to provide its Services and manage its relationship with Customers.

To access Bip&Go’s Services, the Customer must create an account by filling in a registration form. For this purpose, the Customer must provide Personal Data, including title, full name, date of birth, email address, user name, password, telephone number and postal address, payment methods and information on their vehicle. The Customer may also be encouraged to specify their professional situation.

Please note that the password is strictly personal. It is protected by a one-way hash function and can therefore not be revealed or recovered by Bip&Go. Nonetheless, as the Customer is responsible for the confidentiality of their password and for use of their account, Customers are advised not to pass on their password to anyone and to always log out before closing their browser. Any use of the Services, access and navigation on the Website, connection or transfer of data carried out via the Customer’s account with their login details is assumed to have been carried out by the Customer and remains solely the Customer’s responsibility.

Bip&Go shall not be held liable for any loss of login details (user name or password) or, unless Bip&Go receives prior warning and regular notification in writing, for any damage caused by an unauthorised person’s use of a Customer’s account. In the event of loss or theft of login details, the Customer shall follow the procedure put in place by Bip&Go, which will allow them to retrieve their login details and/or reset their password.

Bip&Go is unable to check the truthfulness of the information transmitted by the Customer when creating an account. Therefore, Bip&Go shall not be held liable for any false declarations or identity theft. The Customer agrees to provide Bip&Go with accurate information and update it if it later changes.

4.1.2 Communication, marketing campaigns and information campaigns

Generally, Personal Data is used to send information via text message or email to Customers or to persons who have given their consent, if required.

Moreover, Personal Data enables Bip&Go to offer Services that are adapted to each Customer’s needs. For the Services to be personalised, Personal Data concerning the Customer’s family situation, lifestyle or toll usage habits may be required.

4.1.3 Managing customer relations

The Customer Service Centre, when contacted by the Customer, collects Personal Data that is strictly necessary in order to provide a diagnosis, solve any issues found by the Customer or respond to any queries from the Customer.

4.1.4 Improving products and Services

Bip&Go uses Personal Data to develop and improve its products and Services so that it performs at its best and fully satisfies its Customers. Bip&Go is committed to maintaining its products and Services while constantly optimising them, in order to remain innovative and competitive.

4.2 Personal data collected automatically

Certain Personal Data may be collected automatically, such as data collected through Cookies when the Customer or Visitor uses or consults the Website or when they interact with Bip&Go. The Data collected automatically includes the type of device used by the Customer or Visitor to access the Website, its operating system, its IP address, the type of browser and any interaction with the Website’s content.

4.3 Dispute resolution and combating non-payment

Personal Data is also used as a means of dispute resolution and to combat non-payment, through the creation of a Customer exclusion list.

4.4 Mandatory disclosure

Customers’ or Visitors’ Personal Data may be disclosed in the following cases, within the limits of Applicable Law:

- to comply with a legal obligation, injunction or any other judicial measure, in the context of inquiries into suspected or proven illegal activities, to prevent these activities or to take measures against them;
- in the event of the Customer’s breach of contract against Bip&Go;
- to guarantee the rights, ownership and security of Bip&Go;
- to guarantee the rights and security of its Customers.

4.5 Automated processing of Personal Data

For the Processing purposes mentioned in article 4.1.2 (Service personalisation) and 4.3 (combating non-payment), Bip&Go may make automated decisions based on the Processing of its Customers’ Personal Data. This includes decisions made automatically by Bip&Go calculated through Data provided by the Customer, in order to present products or Services that are adapted to the Customer, or to enable Bip&Go to combat non-payment.

In the case of personalised Services, automated decision-making is considered an advantage that allows Bip&Go to offer Customers the best possible choice of Services, adapted to the information provided by the Customer.

For this type of Processing, Customers are informed that they may contact Bip&Go using the details in article 14.1 in order to:

- request the involvement of a natural person at Bip&Go in any decision made based on their Personal Data;
- express their point of view;
- obtain an explanation of the automated decision
- contest the automated decision made.

5. Storage of Personal Data

Personal data may be processed by Bip&Go, companies in the SANEF group and Bip&Go service providers, inside and outside of the European Economic Area, in accordance with the protection rules provided for by European regulations and the standards set out by the GDPR.

6. Retention period for Personal Data

Customers’ Personal Data is retained for 3 years, starting from the last interaction between Bip&Go and the Customer, and is then archived for 7 years with restricted access.

Prospects’ Personal Data is deleted a maximum of 1 year after contact from them or when they have not replied to two successive requests. When a person exercises their right to object to receiving marketing communication, the information needed to process this right to object is retained for a maximum of 3 years, starting from the day on which this right is exercised, exclusively for the purpose of managing this right to object request.

Payment Data is deleted once the transaction has been completed. In the case of a bank card payment, the payment Data is retained as proof, should the transaction be contested, in intermediate archives for a maximum of 13 to 15 months, starting from the date of the transaction. This Data may be retained for longer with the Customer’s express consent. This consent will be collected through a tick box and may be retracted at any time.

7. Recipients of Personal Data

Except in the case of Processing by SANEF, ABERTIS or the Processors used by Bip&Go to provide the Website and Services for the Processing purposes described in article 4, Personal Data is only accessible to internal Bip&Go departments for marketing, customer relations, audit and other purposes, within the limits of the powers attributed to each collaborator.

Personal Data is transferred to Bip&Drive if the Customer subscribes to the “Spain Extension”.

8. Sharing Personal Data with authorised third parties

Personal Data may also be passed on to competent public authorities should an offence be committed, to court officials, to ministerial officials and to debt collection agencies.

9. Processors

Bip&Go may use Processors to provide certain services, such as bank transaction Processing, invoicing, sending marketing emails or correspondence with Customers. Processors and their personnel are subject to confidentiality and security obligations when Processing Customers’ Personal Data. Processors also agree to take the technical, organisational and structural measures necessary to avoid any Personal Data Breach, including:

- damage to, destruction of, modification of or loss of Personal Data, either accidentally or without Bip&Go’s authorisation
- disclosure of Personal Data to third parties or access to Personal Data by third parties, either accidentally or without Bip&Go’s authorisation
- any Data Processing, under any form and for any reason, that is illegal, not authorised by Bip&Go or not provided for in the contract. Processors’ security measures comply with Applicable Law.

10. Use of Cookies and similar technologies

Customers and Visitors to the Website are informed via an information banner that, when visiting the Website, Cookies may be installed automatically on their browser. By accepting this information banner, the Customer or Visitor accepts the use of Cookies for the purposes described below.

10.1 Strictly necessary and Functionality Cookies

Strictly necessary Cookies ensure that the Website runs smoothly when the Customer or Visitor browses it. They can follow the Customer’s actions when necessary to connect to an identification service (SessionID) or use a media reader (audio or video) for content requested by the Customer or Visitor (flash Cookies). They are also used to contribute to the security of a service requested by the Customer or Visitor.

These Cookies record the Customer’s journey through the Site during a session and memorise their preferences needed to provide Services, in order to improve their experience on the Website and personalise its features. They are used to record the user’s chosen language, for example. Please note that these Cookies cannot track the Customer’s or Visitor’s movements on other websites.

10.2 Performance Cookies

These analytics Cookies enable Bip&Go to improve the Website’s user-friendliness by analysing Visitors’ journeys. The results of these analyses are Processed anonymously, exclusively for statistical purposes.

10.3 Advertising Cookies

Advertising Cookies are used to see the Customer’s browsing habits, thus personalising their browsing experience by offering products and Services that are adapted to their expectations. These Cookies are useful for Bip&Go, as they measure the performance of its advertising while offering the Customer personalised advertisements.

10.4 List of Cookies used on the Website

In accordance with Applicable Law and the recommendations of the French Data Protection Commission (“ CNIL ”), Bip&Go has set a Cookie expiry date of a maximum of 13 months from the last interaction between the Customer or Visitor and this Cookie. After this period, Bip&Go must obtain the Customer’s or Visitor’s consent to be able to use Cookies.

10.5 Removal of Cookies

The Customer or Visitor accepts that Cookies improve their browsing experience on the website and are required to access some secure areas. Should the Customer decide to block Cookies through their browser, among other consequences, they will only be able to visit the public part of the Website and will not be able to access their account.

However, it is possible to object to the use of analytics Cookies or Cookies that optimise advertising content at any time, through the browser’s Cookie settings, private browsing mode or even the browser’s “Do Not Track” option (DNT).

Objecting to the use of advertising Cookies will not stop advertising being displayed. Advertising will continue to be displayed at random, without taking into account the Customer’s or Visitor’s interests.

According to their browser, Customers or Visitors have the following options: to accept or reject Cookies of any origin or from one specific origin, or to programme the browser to display a message requesting the Customer’s or Visitor’s agreement every time a Cookie is installed on the device.

If the Customer or Visitor wishes to remove or block Cookies, they may do so on their first visit to the Website by unticking the box(es) that correspond(s) to the Cookie(s) they wish to remove or block.

After this, they may do so by clicking on Cookie settings , by changing browser settings or by consulting the online help provided by the browser (Internet Explorer, Mozilla, Chrome, etc.).

For Microsoft Internet Explorer:
Tools - Internet Options - Privacy
Configure according to your needs

For Chrome:
Settings (accessible from the “Tool” icon at the top right)
Display advanced settings
Privacy and security - Content settings
Configure according to your needs

For Firefox:
Menu - Options - “Privacy and security” tab
Configure according to your needs

To find out more about Cookies of all origins and not just from this Website, Customers and Visitors are invited to consult the website Youronlinechoices, published by the Interactive Advertising Bureau France, in order to find out which companies are registered with this platform and offer the possibility of refusing or accepting the Cookies they use to adapt the advertising displayed on devices to the user’s browsing habits http://www.youronlinechoices.com/uk/

11. Security

The Customer is informed that Bip&Go has taken the reasonable technical and organisational measures necessary to ensure the security of Personal Data and protect it from unauthorised access, alteration, disclosure, misuse or loss.

As an example, Bip&Go has implemented IT systems with restricted access on protected premises, as well as encryption protection through the HTTPS protocol when Personal Data is transferred via the internet.

12. Newsletters, marketing correspondence

The Customer may object to the sending of newsletters and marketing messages relating to the Services offered by Bip&Go. The Customer will only receive newsletters and marketing messages from Bip&Go’s partners if they have given their consent.

Any person other than Customers, including Visitors, may receive newsletters and marketing messages if they have given their consent.

The Customer or any other person, including Visitors, may choose to stop receiving newsletters and marketing messages from Bip&Go or its partners at any time by clicking on “Unsubscribe” in any email from Bip&Go, or by contacting Bip&Go via the details indicated in article 14.1.

13. Updating our Privacy Policy

This Privacy Policy may be modified, especially in accordance with legislative and regulatory changes. To this end, the Customer may consult updates directly on the Website or will be informed by email when necessary.

14. Right of access, modification, erasure of your Personal Data

14.1 Contact information to exercise your rights

In accordance with Applicable Law, the required internal paperwork has been carried out for Personal Data Processing on this Website. The SANEF Group has designated a Data Protection Officer(“ DPO ”). The Customer or Visitor may exercise their right to access, rectification, objection and erasure, under the conditions provided for in Applicable Law, by writing to the SANEF Group’s DPO at 30 boulevard Gallieni, 92130 Issy-les-Moulineaux, or by email at donneespersonnelles@bipandgo.com.

Customers or Visitors may also send any requests or questions regarding Personal Data Processing to these contact addresses.

Should the right to objection be exercised, Bip&Go will stop Processing the Personal Data, unless there is a legitimate, urgent reason to continue or in order to ensure the establishment, exercising or defence of legal claims, in accordance with Applicable Law. If applicable, Bip&Go will inform the Customer or the Visitor of the reasons for which the rights they wish to exercise cannot be fulfilled, either in part or fully.

The right to erase Personal Data applies subject to Bip&Go’s justified need to retain this Personal Data, especially in relation to legal obligations.

The Customer also has the right to Data Portability for some of their Personal Data, which enables them to request a computerised copy in a readable, usable format of their Data Processed by Bip&Go as part of their contractual relationship with Bip&Go for the provision of products or Services. This excludes:

- Data that Bip&Go may have produced for its own purposes or that enable the company to fulfil its legal obligations, including accounting, social and tax information;
- information relating to subscription records, as well as all the information Bip&Go may have generated within the framework of legitimate interests that may be pursued relating to Customers’, Visitors’ and prospects’ areas of interest.

The Customer may also define guidelines regarding the use of their data after their death.

Having contacted Bip&Go, if the Customer or User considers that their data protection rights have been infringed, they may lodge a complaint with the data protection authority.

14.2 Exercising rights

To access the Data that concerns them, the Customer or Visitor must provide proof of identity to the DPO at the above address (article 14.1 of this Privacy Policy), in accordance with Applicable Law.

The Customer may nominate a representative of their choice to exercise their right of access. The representative must then send a letter indicating the subject (exercising right of access), the identity of the person represented and the representative’s identity.

For example, the requesting party may ask for information on the origin of their Data and ask for a copy of it.

The DPO then has a month to respond to the request. However, this period may be extended by two months, depending on the complexity of the request and the number of requests. In the event of an extension, the requesting party will be informed within a month of reception of the request.

14.3 Cases of refusal to respond

The DPO will not be obliged to respond to exercising rights requests if:

• the request is clearly abusive, especially in terms of its number, repetitive nature or systematic nature;
• the Data is not retained: in this case, access is not possible.