Privacy Policy

Your data. Your control.

This Privacy Policy explains how Cycle2Connect collects, uses, stores, and protects your personal information in accordance with Regulation (EU) 2016/679 (GDPR).

Effective date: April 2026 Version: 1.0

Location (GPS)

Used only when you initiate ride recording. Never used for passive background tracking.

GDPR compliant

Processed under clear legal bases. You can access, correct, or delete your data at any time.

No sale of data

We do not sell personal data or use it for behavioral advertising profiling.

1

Introduction

Cycle2Connect ("C2C", "we", "our", "us") respects your privacy and is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR).

This Privacy Policy applies when you use:

  • The Cycle2Connect mobile application
  • Associated web services
  • Community, leaderboard, and event features
2

Data Controller

Cycle2Connect
Kolesarsko društvo Rog
Registered in Slovenia

Email: info@kdrog.si

3

Personal data we collect

A) Account information

  • Name
  • Email address
  • Username
  • Year of birth
  • Country of residence
  • University or educational institution
  • Profile photo (optional)
  • Authentication ID (backend management system)

B) Activity & performance data

  • Ride distance
  • Activity duration
  • CO₂ savings calculations
  • Location data used only for distance calculation
  • Event participation
  • Leaderboard ranking

C) Technical information

  • Device type
  • Operating system version
  • App version
  • IP address
  • Log and diagnostic data

We do not collect special category data as defined in Article 9 GDPR.

4

How we use your data

We process personal data to:

  • Create and manage user accounts
  • Record cycling activities
  • Calculate environmental impact metrics (e.g., CO₂ savings)
  • Organize users into university teams and student groups
  • Enable participation in the European Student Cycling Challenge
  • Display rankings and statistics (individual, team, and university level)
  • Manage events and group participation
  • Ensure platform security and prevent misuse
  • Improve and develop our services
  • Generate aggregated and anonymized statistics for research and project reporting

We do not sell personal data.

5

Legal basis for processing

We rely on the following legal bases under GDPR:

  • Contract performance (Art. 6(1)(b)) — providing the app's core features
  • Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, service improvement
  • Consent (Art. 6(1)(a)) — optional features such as GPS tracking
  • Legal obligation (Art. 6(1)(c)) — where required by EU or national law
6

Data storage & security

Data is stored on secure cloud infrastructure (AWS EU region). We implement:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication
  • Access controls
  • Cloud security best practices
7

Data retention

We retain personal data:

  • While your account is active
  • As required by applicable law
  • Until you request deletion

Upon account deletion, personal data is removed or anonymized. Aggregated statistical data may be retained.

8

Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Restrict processing
  • Request data portability
  • Object to processing
  • Withdraw consent at any time

We will respond to requests within 30 days in accordance with applicable data protection laws.

Contact: urska.pintar@kdrog.si

9

Minors and educational institutions

Cycle2Connect encourages participation in cycling and sustainable mobility among people of all ages, including students and young participants.

If users are under the age required by applicable national data protection laws, the use of the platform should be supported by a parent, legal guardian, or participating educational institution.

10

Third-party processors

We may use the following service providers:

  • Auth0 — identity management
  • Amazon Web Services — hosting (EU region)
  • Amazon SES — email delivery
  • Apple / Google — app distribution

All processors operate under GDPR-compliant data processing agreements.

11

Changes to this policy

We may update this Privacy Policy as the service evolves. We will update the effective date above and notify users of material changes.

GDPR Compliance Statement

Data Protection Commitment

Our commitment to data protection principles and applicable regulations.

Regulations we comply with

  • Regulation (EU) 2016/679 (GDPR)
  • Slovenian Data Protection Act
  • EU digital platform regulations

Principles we implement

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Privacy by design
  • Secure cloud infrastructure
  • Data Processing Agreements with vendors
  • Breach notification procedures
  • User rights management workflows

What we do not do

  • Automated legal decision-making
  • Behavioral advertising profiling
  • Sale of personal data

Location tracking is user-initiated only.

GDPR requests

For any data protection requests or inquiries, contact our data protection contact:

urska.pintar@kdrog.si

Back to Home Read Terms of Use