Privacy policy


Last Update: August 15, 2022

The rastel.io website, along with the subdomain app.rastel.io (webapp), is the property of the co-founders of Rastel.io. By using this site, you, as a User, acknowledge and agree to the content of this document.

Rastel.io understands the scope and consequences established by EU Regulation 2016/679 (GDPR) as well as related legislation regarding the protection of personal data. The company is committed to protecting your rights and freedoms by processing personal data safely and in compliance with all legal obligations.

Through this Personal Data Protection Policy, we aim to transparently inform you about how we collect, use, transfer, and protect your personal data when you interact with us through our website and the associated application.

To reflect any changes in how we process your personal data or any changes in legal requirements, updates and periodic changes to this Personal Data Protection Policy will be published on this page.

1. What is personal data and the categories of personal data we process

1.1 Personal data refers to any information related to an identified or identifiable natural person. Different pieces of information that, when collected, can lead to the identification of a specific individual are also considered personal data.

1.2 We collect your personal data directly from you, giving you full control over the information you provide.

1.3 Contact and Navigation Data. We directly collect your personal data through the contact form on our website (email, phone, name), the waiting list registration form (email and city), and indirectly through your access to our website (IP address used at the time of access). For example, when you send us a message through the contact form, you provide us with information such as your email address, phone number, and any data you enter in the message field. Therefore, you have full control over the type of information you provide to us.

1.4 Cookies. We may also collect and process information about your behavior during your visit to our website to personalize your online experience. According to our Cookie Usage Policy (Cookie Policy), we may store and collect information in cookies and similar technologies.

1.5 Data from your account

We also process your data through the "My Account" section. For the proper management of your user account, we collect your email address and the password you choose at the first login. For the optimal use of the rastel.io service, we collect your name, email, phone number, and location.

2. Purpose of data processing

2.1 We process the personal data provided for:

2.2 To provide our services

Rastel.io collects personal data necessary for creating a client account that allows the safe use of the bicycle parking network. The collected data includes the name, phone number, email, and geolocation at the time of using the application.

2.3 For the improvement of our services

To provide the best online browsing experience on our website, we may collect and use certain information about your activity on the site. We rely on our legitimate interest to carry out activities for you optimally while ensuring that we respect your fundamental rights and freedoms.

2.4 To handle your requests

We collect your data to handle requests made under the GDPR and to inform you about changes to our policies or provide information of interest to you as a beneficiary of our services. For this purpose, we will use the contact details provided by you, such as email address and phone number.

We ensure that these processing activities are carried out in accordance with your rights and freedoms and that decisions made based on them do not affect you.

2.5 To defend our legitimate interests

In certain situations, we will use or transmit information to protect our rights and activities. These include:

2.6 Also, for the constant improvement of the quality of our services, we will collect your personal data for statistical purposes, but only with the implementation of technical and organizational security measures, along with pseudonymization and/or anonymization, as appropriate. Any personal data collected in this way will be strictly kept within Rastel.io and used only for this purpose.

3. Legal basis for processing

The legal bases for processing take into account the provisions of Regulation (EU) 2016/679 on the protection of individuals concerning the processing of personal data and on the free movement of such data and the normative acts on the processing of personal data adopted at the level of Romania.

The processing of the personal data listed above is based on at least one of the following legal grounds:

4. How long do we keep your personal data

We keep the personal data processed by us only as long as necessary for the purpose for which it was collected (including according to applicable law or regulations), such as:

In any situation, except for cases provided by applicable law, we delete your data when you request it. Applicable exceptional situations will be communicated to the applicant through the response forwarded to him/her by Rastel.io regarding the request for data deletion.

5. To whom do we transmit your personal data

As appropriate, we may disclose your data to the following categories of recipients:

In cases where we transfer your personal data to third parties, we will take all necessary measures to ensure that this data is kept secure, and any transfer of this type of data is carried out only under the conditions provided by law and in accordance with applicable legal regulations.

6. In what countries do we transfer your personal data?

Currently, we store and process your personal data on the territory of Germany and on our server located in Frankfurt, Germany. However, it is possible that we may transfer certain personal data to entities located in the European Union or outside the Union, countries to which the European Commission has recognized an adequate level of protection of personal data.

We take all measures to ensure that any international transfer of personal data is carefully managed to protect your rights and interests, and we allow such transfers only when absolutely necessary, applying the principle of minimization. Data transfers will always be protected by contractual commitments and, where appropriate, by other technical or organizational guarantees. To find out more information about the countries to which we transfer your data, you can contact us at any time.

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, following industry standards.

Despite the measures taken to protect your personal data, we do not assume responsibility for vulnerabilities in systems that are not under our control. We remind you that transmitting information over the Internet is not completely secure, and there is a risk that data may be viewed and used by unauthorized third parties independent of our intervention.

7. What are your rights?

The General Data Protection Regulation provides that you, as a data subject, have the following rights:

7.1. Access

You can request us to confirm whether we process your personal data, and we will provide you with a copy of your data and present information about how we use it, to whom we disclose it, whether we transfer it abroad, how we protect it, how long we keep it, what rights you have, how to file a complaint, where we obtained your data, to the extent that this information has not already been provided to you in this notice.

7.2. Rectification

You can ask us to rectify or complete your inaccurate or incomplete personal data. We may verify the accuracy of the data before rectifying it.

7.3. Data Deletion

You can ask us to delete your personal data, but only if:

We are not obligated to comply with your request for the deletion of personal data in any circumstance. The most likely situations in which we could refuse your request are:

7.4. Restriction of Data Processing

You can ask us to restrict the processing of your personal data only if:

We may continue to use your personal data following a request for restriction if we have your consent, or to establish, exercise, or defend a legal claim or to protect the rights of Rastel.io Solutions SRL or another natural or legal person.

7.5. Data Portability

You can ask us to provide your personal data in a structured, commonly used, and machine-readable format, or you can request it to be directly transferred to another data controller, provided that the processing is based on your consent or on the conclusion or performance of a contract with you, and is carried out by automated means, as well as that the transfer is technically possible.

7.6. Objection

You can object to the processing of your data at any time if you believe that your fundamental rights and freedoms prevail over our legitimate business interest.

7.7. Automated Decisions

You can request not to be subject to a decision based solely on automated processing when that decision:

This right does not apply when the decision:

7.8. Complaints

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing regarding the processing of your personal data. However, we recommend that you contact us first, and we assure you that we will make every effort to resolve any issues amicably.

To exercise your rights, you can contact us using the contact form on the contact page. We aim to respond to any valid requests within a maximum of 30 days, unless the matter is particularly complex or if you have made multiple requests, in which case we will respond within a maximum of 60 days, notifying you accordingly.

8. Changes to this Policy

Rastel.io reserves the right to make changes to this Personal Data Protection Policy at any time by notifying its Users on this page and, if possible from a technical and legal point of view, by sending a notification to users through any contact information available to us. It is strongly recommended to check this page frequently, referring to the date of the last modification listed under the title.

If the changes affect the processing activities performed based on the User's consent, we will collect new consent from the User, if necessary.

9. Contact

We are always open to hearing your opinions and providing you with any additional information you may need regarding the processing of your data. If you have questions about the content of this document or want to exercise your rights, feel free to contact us by email at contact@rastel.io.