Privacy Statement Pon.Bike - for Users and Third Party Data Recipients
Scope
This Privacy Statement Pon.Bike governs the collection, use and other forms of processing of personal data by Konkinklijke Gazelle NV, Kalkhoff Werke GmbH and Smart Urban Mobility B.V. (together referred to as “Pon.Bike”, “we” or “us”) related to our services, our connected products and login website. As part of Pon Holdings B.V. and its affiliates ("Pon"), we are committed to protecting your privacy and the security of your personal data.
We may share data among our companies, but only if legally permitted and for the purposes described in this statement.
Who is responsible for your personal data?
The legal entities responsible for all personal data processing in connection with the login service for connected products are:
Koninklijke Gazelle NV, Wilhelminaweg 8, 6951 BP in Dieren, Netherlands
Smart Urban Mobility B.V., Gyroscoopweg 6, 1042 AB in Amsterdam, Netherlands;
Kalkhoff Werke GmbH, Europa-Allee 26, 49685 in Emstek, Germany.
Why do we process your personal data?
We process your personal data for several purposes, which may vary depending on whether you are a User or a Third-Party Data Recipient. In general, personal data is information that identifies you as an individual or relates to an identifiable individual.
For all Users:
Communication and contact: to communicate with you in a personal way and/or to inform you about the login services and the data request(s) made;
Authentication and security: to establish and verify your identity and handle secure access to our applications. This ensures that only authorized parties can access the environment;
Service Improvement: to gain insight into platform and service usage to allow for optimization and improvement;
Analysis and reporting: To generate aggregated statistics about platform usage for internal reporting and strategic decisions.
Additional Purposes for Third-Party Data Recipients:Identification and legal compliance: to verify your identity as well as the identity and legal status of your company.
Relationship management: to manage and maintain the relationship with you and your company.
User experience personalization: to customize language and other settings to improve your user experience
Which personal data do we process?
We process the following personal data that you provide to us:
This is the personal data that you enter when you login. This data includes e.g. your login credentials, language, country, indeed use, department, company data (legal entity name, registration number, website, company size, jurisdiction) and the Date of the Agreement to the terms and conditions.
How do we process your personal data?
In the table below we describe per way of processing: the personal data and the purposes for which we process the personal data as well as the legal basis for the processing:
Ways of processing | Personal data processed | Purposes for processing the personal data | Legal basis |
Authentication for Users | When you log in, we process your login credentials, language, and technical information such as your IP address and device details for security purposes. | The above described purposes: 2 | Consent, performance of a contract or legitimate interest |
Authentication for Third-Party Data Recipients | When you log in, we process the personal data you provide, which may include:
| The above described purposes: 2, 5 | Consent, performance of a contract or legitimate interest |
Communication & contact | First name, Last name, Phone number, Legal entity name, Registration number, Website, Jurisdiction, Date of agreement to the terms and conditions | The above described purpose: 1 | Legitimate interest |
Contact via customer service, addressing questions or requests you may have | First name, Last name, Phone number, Legal entity name, Registration number, Website, Jurisdiction, Date of agreement to the terms and conditions | The above described purpose: 1 | Consent or legitimate interest |
Product and process improvements | Usage data (interaction with platform and navigation), technical Information (device, browser type, operating system and IP address), interaction data (error logs) and aggregated profile data which is anonymized or pseudonymized and used for statistical reporting. | The above described purposes: 3, 4 | Consent, performance of a contract, legitimate interest |
Personalization of User Experience | Language, Country | The above described purpose: 7 | Consent, legitimate interest |
Product registration | Framenumber bike(s) | The above described purposes: 1, 2, 3, 4, 5, 6 | Performance of a contract or legitimate interest |
Our legitimate interests for processing your data include security and protection of our systems, crime prevention, IT management, research and analysis, legal affairs, and efficient relationship management.
You have the right to withdraw your consent which you may have given to the processing of your personal data at any time by deleting your account.
How do we share or transfer your personal data?
Pon.Bike may share your personal data with third parties who perform processing activities on our behalf, specifically to handle authentication and secure access to our application. We require these third parties to diligently process and protect your data. We will not sell your personal data to third parties.
In the event that Pon.Bike or Pon reorganizes or merges with another company, your personal data may be transferred to the new owner and its advisors. We will only otherwise disclose your data if legally required or authorized, or when necessary for reasons like fraud prevention, dispute resolution, or the security of our business and staff.
For transfers from the European Economic Area (EEA) to countries not considered adequate by the European Commission, we have implemented approved contractual agreements with third parties to protect your data.
How do we protect your personal data?
Pon.Bike uses appropriate technical and organizational security measures to prevent the loss or unlawful processing of personal data. This can include using Multi-Factor Authentication, data encryption, and restricting access to your personal data. You can trust that we will implement appropriate security measures to ensure your data's confidentiality and protection.
Your rights
You have the right to request to review, correct, update, suppress, restrict, or delete your personal data. If you have given consent to the processing of your data, you can withdraw it at any time by deleting your account. You can find the option to delete your account in the consumer portal.
To make a request, you can contact us at [email protected] or send a letter to Stadionplein 28, 1076 CM Amsterdam. We may need to verify your identity before fulfilling your request. We will respond to your request as soon as reasonably possible and within any legally required timeframes.
You also have the right to file a complaint with a data protection authority in your country or region if you believe there has been an infringement of data protection law
Cookies, web beacons and similar techniques
Only necessary cookies are used with this authentication service to enable a secure login, ensure multi-factor authentication and session management work correctly, and perform fraud prevention
We use the following cookies:
auth0, auth0_compat: For Login/SSO sessions.
auth0-mf, auth0-mf_compat: For Multi-Factor Authentication.
a0_users:sess, a0_users:sess.sig: For protection against CSRF attacks.
did, did_compat: For security via a Device ID
Most cookies are session cookies and disappear when the browser is closed. Some have a slightly longer lifespan to support "remember me" or Single Sign-On (SSO).
Contact, questions, feedback and Data Protection Officer
If you have any questions about this Privacy Statement, please contact us at [email protected].
You may also contact our Data Protection Officer (DPO) via [email protected]. You have the right to lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.
Policy changes
We may change this Privacy Statement from time to time. Any changes will become effective when we post the revised Privacy Statement. If necessary, we will inform you when we change the Privacy Statement. This statement was last modified on date: September 3rd, 2025