RideSafeUM (hereinafter “RideSafeUM”, “we”, and/or “us”) is an initiative co-funded by EIT Urban Mobility with the objective of improving micromobility safety through better provision of information to users, smooth reaction in case of accident and data analysis for wider learning, policy and management purposes. RideSafeUM is composed of different partners and governed by a consortium that makes the strategic decisions related to the initiative. RideSafeUM is the holder of the RideSafeUM solution (hereinafter “the Application” or “the App”).
- “Application”: a.k.a “App” means the program that performs the set of tasks offered by the RideSafeUM solution.
- “Anonymisation”: means the process of removing personal identifiers, both direct and indirect, that may lead to an individual being identified. Once anonymisation has been completed, it is impossible to identify the subject even if there is a data breach of the system(s).
- “Academic Purposes” means the research intention of RideSafeUM, as it is an initiative co-funded by EIT Urban Mobility and, as such, part of its nature is to (i) obtain information on user’s behaviour and technical implementation; (ii) investigate the necessity of the implementation of micromobility regulations; and (iii) identify the possible risks regarding the use of micromobility vehicles in cities, and so forth.
- “App Functionality” means the basic requirements for the application to properly function and therefore that it’s capable of providing the service.
- “Data” means any factual information (such as measurements or statistics) used as a basis for reasoning, discussion, or calculation to run the service.
- “Personal Data” means information relating to natural persons who can be identified or who are identifiable by the access to or use of this data, directly from the information in question; or who can be indirectly identified from that information in combination with other information.
- “Pseudoanonymisation”: means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable individual.
- “Service”: means the act of providing the use of the RideSafeUM solution.
- “Third Party Platform”: means other apps that make use of some functionality of the original app to provide the service in a particular city, region and/or country.
- “Trip”: means a journey from one place to another.
- “Vehicle”: means any bike, e-scooter used by the User that includes the RideSafeUM solution.
- “We”, “us”, and/or “our(s)”: means RideSafeUM.
- DATA COLLECTION, PURPOSE AND TREATMENT
The nature of RideSafeUM will involve, to some extent, the collection or processing of data when recording non-compliance with specific regulations during the User’s trip, as well as capturing video images through the incorporated computer vision module exclusively to help detect the severity of incidents, should any happen.
Thus, with the aim of providing the User with the Service, RideSafeUM needs to collect geolocation data and, to enable App Functionality, Biometric Data. In order to prevent any possible data breach, and recognising that the data we need is for general research purposes (i.e. does not require personal data to be collected or analysed), RideSafeUM works with anonymised and pseudoanonymised data, as explained hereunder:
Table 1 – RideSafeUM Data Collection, Purpose and Treatment
| Type of data | | How we anonymise it | |
|---|---|---|---|
| In terms of RideSafeUM, this includes, exclusively, data related to the exact location of the User in real time, building up the User’s itinerary. | 1. App Functionality 2. Academic Research | To prevent the identification of the User’s patterns, and therefore their usual routes which are considered personal data, our algorithm will automatically delete the first and last km of the User’s trip. Additionally, a unique, randomly generated UserID will be produced for each trip which will not be related to You in any way. | 1. Data processing |
| In terms of RideSafeUM, this includes exclusively the faces of passers-by and plate numbers of vehicles around | 1. App Functionality | RideSafeUM’s dashboard is provided with a face erasing algorithm created to automatically erase any detected faces and plate numbers. | 1. Data processing 2. Data Collection |
*See Clause 4 and Clause 5 for more detail
- ANONYMISED DATA ACCESS
In order to properly develop RideSafeUM’s services, these are the identified subjects that will have access to your data for functionality and research purposes:
- RideSafeUM’s consortium members. We will share any already anonymized information we receive from you with the RideSafeUM’s consortium, from whom you are soliciting the services. We are not responsible for the privacy and security practices of the consortium members.
- Third Parties. RideSafeUM may share Personal Information with our Affiliates for our and our Affiliates’ internal business purposes or to provide you with a service that you have requested, always in strict direct relation with RideSafeUM purposes for research and innovation. “Third Party” means any entity that, directly or indirectly, controls, is controlled by, or is under common control with RideSafeUM (e.g. EIT Urban Mobility).
- Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we have associated with you if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) enforce RideSafeUM policies or contracts; (v) prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) carry out actions that we believe are otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on our services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of unauthorized or illegal activities.
- DATA GATHERING
RideSafeUM’s related data will be gathered exclusively through the App.
In all pilot test cases for the three cities, App users will be assigned a random number that will allow them to use the App (i.e. no need to sign in or open a user account). Random user IDs are not considered personal data, since one cannot identify users from them, and for extra security the system will generate a new random ID per trip. Tracking of location (to support data analysis) will be secured by this random assignment of IDs per trip. In addition, the system will disregard the first and last part of the trip, to guarantee that no origin-destination correlations can be made.
Moreover, the RideSafeUM solution will output a recording in case of an accident. Otherwise, as has been stated, the system rewrites the audio-visual content, and therefore no personal or biometric data is processed. Accident video data will come strictly from the solution itself, and will consist of said audio-visual content as well as the location parameters. This information will be gathered by the App itself, and any further processing will take place within the established system as illustrated in the diagram below.
Diagram 1: RideSafeUM’s data itinerary
- DATA COLLECTION AND STORAGE
RideSafeUM will only store the data extracted from the App once it has been anonymised and pseudoanonymised, in safe servers of one of the consortium members. In addition, and exclusively for research purposes, UPC will store anonymised street recordings and use them to feed and improve the development of the computer vision algorithm, for functionality purposes of the App.
As previously mentioned, audio-visual content will not be stored unless strictly necessary (i.e. when an incident happens, only to understand its severity once faces and plate numbers have been blurred, and to contact emergency services if necessary). Recordings that are automatically deleted on the go are not considered for this analysis.
Regarding the video processing associated with the anonymisation of accident recordings, the content will be securely transferred to a processing server that will be the property of one of the consortium members. The transfer of the video from the back-end (app) to the back-office will take place over a secure communication channel (FTPS server). The raw video will be stored in the back-end server while the server completes the processing of the file (this process could take a few minutes for 10 seconds of video footage). During that period, the security and integrity of the raw video file will depend on the existing security policies governing the consortium member’s server and network infrastructure, which will adapt to RideSafeUM’s Data Breach Mitigation Strategy. As soon as the processing is completed, the raw video file will be permanently deleted from the server.
In accordance with the above, Personal Data will only be stored for a total of 2 minutes, which is the minimum time needed by the algorithm to erase any biometric data found in the recordings. Once the processing has been completed, the video is automatically rewritten and cannot be traced back under any circumstances.
The anonymised audio-visual content is sent to the cities’ dashboard, where it will be stored for as much time as needed for the public entities to enforce the legal actions needed in every situation according to their own regulations. Anonymised recordings will be stored in the RideSafeUM city dashboard, an encrypted interface that only the cities will have access to, therefore preventing any data deviation.
- YOUR RIGHTS
Article 15 grants the user a right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations (the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer).
This right is called the “right to access” and, within the context of this project, would entail the necessity of having the information prepared in case someone exercises their right to access.
It is worth mentioning that the controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
As per article 16 of the GDPR, the user has a right to the rectification of their data. This means that when personal data is erroneous, controllers must correct it as soon as the data subject notifies them of the mistake.
In terms of processing, the user has the right to have their data processed in a certain way and limit the processing of his or her personal data, subject to a number of criteria. Exceptions apply, granted by article 18 of the GDPR, which can be the following: when the data processing is unlawful and the user proceeds to the restriction of their data instead of erasing it, when personal data is no longer needed for the purposes of the processing or when the user asks for their data for the establishment, exercise or defense of legal claims.
The data subject has the right not to be affected by a decision based entirely on automated processing, including profiling, that has legal consequences for him or her or has a comparably significant impact.
GDPR Article 19 merely states that when possible, the controller must tell recipients who received personal data what subject rights apply to these data.
An individual may also object, according to Article 21 GDPR, at any time to the processing of their personal data for a particular use when a given company processes it on the basis of a legitimate interest, or for a task in the public interest, with the exception being a legitimate public interest that overrides the individual’s interest. In the case of RideSafeUM, mostly for the public entities linked to the project, this could be applied, since the project is related to road safety and road endangerment actions. Likewise, an individual can ask to have the processing of their personal data restricted while it is determined whether or not your legitimate interest overrides their interest.
Last but not least, the right to be forgotten is regulated by Article 17 GDPR. As its name suggests, the right to be forgotten implies the obligation of erasing any data given by the user with no delay. Said “undue delay” must be applied as soon as the controller is notified, on the following grounds:
When the personal data of the user are no longer necessary in relation to the purposes for which they were collected or otherwise processed; when the data subject withdraws consent on an uninformed consent basis (article 6.1.a GDPR);
In the scenario provided by Article 9.2.a GDPR and where there is no other legal ground for the processing;
When the user objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
In cases of unlawfully processed personal data;
When the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
In cases of data gathering in relation to the offer of information society services referred to in Article 8(1).
The previous obligations on data erasing will not apply in cases of freedom of expression and information, in compliance with a legal obligation which requires processing by a Union Member State Law as well as if the data is of interest (or has been gathered) for a public authority.
You can exercise any of your rights by sending an email to email@example.com. We will try to resolve your consultation as soon as possible.
- FINAL NOTE
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that We have not been able to assist with your complaint or concern, you have the right to make a complaint to the relevant Data Protection Agency.
Further information is available in the local Terms and Conditions for Users, which can be found when downloading our App.