Privacy policy
1. Introduction
In this privacy policy, we describe the personal data we collect, how and why we use it, and what choices and rights you have regarding the personal data you share with us. This privacy policy is designed to provide transparency into our data practice in a format that is easy to read and navigate.
This privacy policy applies to the data processed when you purchase any of our products or use any of our services (such as the CAKE Connect mobile application), enter into contracts with us, visit our website (www.ridecake.com), communicate with us, subscribe to our newsletter, or sign up for test rides or product launches. When referring to “we” or “us”, we mean Brages BidCo AS, a Norwegian private limited liability company with enterprise no. 932525 232 and with registered address at Langelandsvegen 2, 6018 Ålesund, Norway, which is responsible for the use of personal data described herein (i.e. the data controller in accordance with the EU Data Protection Regulation (the “GDPR”).
Please read this privacy policy carefully to understand how we may collect, use, and share your personal data.
If you have any questions about this privacy policy, you can always reach out to us at hello@ridecake.com.
2. What is personal data?
Personal data means any data that can be used to identify you personally, either directly or indirectly, such as your name, address, contact information, device data (as your device may disclose your approximate location or be otherwise connected to you), and more. For the sake of simplicity, we also refer to personal data as “data” in this privacy policy.
3. Which personal data do we collect?
We collect and use different categories of personal data about you. Please note that we may not collect and use all categories of personal data about you. Which personal data that we actually collect and use about you depends on how you interact with us and which role you have.
We may collect and use the following categories of personal data (with examples of data sets):
- Vehicle data: Collected by your CAKE vehicle relating to the usage, operation, and condition of your vehicle, e.g. speed information, odometer readings, vehicle component signals, internet connectivity status, battery use management information, battery charging history, electrical system functions, software version information, safety-related data (including information regarding the vehicle’s braking and acceleration); and other features, as well as other data to assist in identifying issues and analyzing the performance of the vehicle.
- Vehicle type: Vehicle type, make, model, vehicle identification number, configuration.
- Location services data: Your CAKE vehicle uses location to power features such as mobile app location services. Location Services may use a combination of GPS, Bluetooth, IP address, and Wi-Fi and mobile towers to figure out where you are. To protect your privacy, location data is either processed directly without leaving your vehicle, is in a form that does not personally identify you, or remains inaccessible to CAKE, unless you have connected the vehicle to the CAKE Connect mobile application. If you have connected the vehicle to the mobile application you will be able to see where the vehicle is located, where it's been etc.
- Safety analysis data: Data about remote services (for example, remote lock/unlock, start/stop charge, and honk-the-horn commands); a data report to confirm that your vehicle is online together with information about the current software version and certain telematics data; data about any issues that could materially impair operation of your vehicle; data about any safety-critical issues; and data about each software and firmware update – for quality, safety and product development purposes.
- Charging information: Charge rate and charging stations/source used by you (including use of superchargers, as well as home or commercial outlets), battery analytics and performance.
- Service history: Data about the service history from CAKE service centers or affiliated third-party approved body shops. This includes information such as name, VIN, repair history, parts details, estimate and costs, outstanding recalls, bills due, customer complaints, service facility, date, mileage and any other information related to the vehicle’s service history.
- Diagnostic data: Vehicle configuration, firmware, energy use, electronic systems state, and other system-to-system data used to identify bugs and conduct technical evaluations.
- Contact data: Phone number, email, address.
- Identification data: Your name, social security number/personal identity number.
- Communication and interaction: Your communication in e.g. emails, your request for information, calls, or in person communications, participation in tours and CAKE events and test drives.
- Login credentials: Username and password.
- Geographic data: Country of residence.
- Demographic data: Date of birth and age, nationality, occupation.
- Organizational data: Title, position, organization that you work for.
- Picture, video and audio material: Photos, videos and audio recordings of you.
- Technical information generated through the CAKE website or application: Information from other sites, e.g. data on how you use our website, such as aggregated and anonymized data about how you move on our website and what products and sites you click on, automatically collected general technical data about your device, such as your device’s IP or MAC number, log information, and approximate geolocation based on your IP-address, information from other sites (with your consent), such as profile information from Google or Facebook and browser data about what other sites you visit, as well as advertising identifiers generated by your mobile or desktop device that allow online advertising and provide information on how you interact with our ads, technical data such as response time for web pages, download errors and date and time when you used the services, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device settings.
- Order information: Billing and delivery address, income data, details about the goods/services you have bought or ordered, such as item and delivery tracking number, pre-delivery documents such as driver’s license or similar.
- Financial/payment information: Your payment method, redacted payment information received from a third-party payment service provider, bank account number, payment card details, financing, lease or credit application information.
- Feedback data: Responses and feedback to inter alia surveys.
- Customer support activity: Information about your contacts with CAKE’s customer service and other employees, via chat conversations, email correspondence, web form and other contact means such as phone.
- Infotainment system data: Analytics regarding infotainment usage such as function successfully or unsuccessfully loaded.
4. What kind of personal data do we collect, why and for how long do we use it?
In this section we describe the types of personal data that we collect, for which purposes and for how long we use it as well as the legal basis for each processing. How the information is used is also further described below under section 4.
We have three main sources of personal data related to you or your use of our products and services;
- information from or about you,
- information from or about your CAKE vehicle, and/or
- information from or about your CAKE energy products.
We also may collect personal data from:
- the company or organization that you work for,
- social network platforms if you follow or interact with us on social media,
- partners that we collaborate with, for example to carry out an event or similar activities,
- external persons that provide your personal data to us, for example in connection with communication or an event or similar activity, and
- public databases.
Depending on the CAKE products and services you request, own or use, not all of these types of information may be applicable to you. See further below. Also, since the processing of personal data depends on the services with which the CAKE vehicle is equipped, and on the services which you choose to activate, this document presents the widest extent of processing possible. It goes without saying that if you have an older vehicle model, or if a new model is not equipped with a certain feature, the data processing associated with that feature will not happen.
4.1 When you interact with us; for example before purchase
When you visit our website, stores, attend a CAKE event, perform a test drive, contact us with questions or for product information (in person, online, telephone or email), we may collect a variety of information from or about you, your device or from third parties.
Purpose | Categories of data | Legal basis | Retention period |
---|---|---|---|
To respond to questions and provide product information, register and manage support matters, investigate, identify and resolve issues, errors and incidents and communicate with you and others for the same purposes. | Contact and identification data, communication | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the processing usually takes place on your initiative and to your benefit. | Personal data is stored for this purpose for a period of 18 months calculated from the date the support matter was closed or the last communication in the same matter. |
Set up and manage your user account in the CAKE Connect mobile application in order for you to fully enjoy our services and its features once you buy a product/become a customer, e.g. to lock/unlock the vehicle, view the vehicle’s current location, track your rides, customize ride and brake modes, get anti-theft notifications, perform bike diagnostics, see ride statistics, get information about service reminders and checklists. | Login credentials, geographic data, vehicle data, location services data | Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the Terms of Conditions with you as part of creating and managing your user account in the CAKE Connect mobile application.
Location services data will only be activated based on your consent. |
Personal data is stored for this purpose as long as you have an active user account in the CAKE Connect mobile application. If you have not been logged in to or used your user account for 18 months, the account is considered inactive. You may also choose to delete your user account at any time. |
Provide newsletters and other relevant marketing content relating to our products and services. | Contact and identification data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always can unsubscribe from our newsletters at any time. | Personal data is stored for this purpose for a period of twelve (12) months from your last interaction with us.
If you have subscribed to our newsletter, we will store your personal data for this purpose until further notice. Please note that you may unsubscribe from newsletters and other marketing content at any time by clicking on the unsubscribe link available in each communication, or by contacting us on the below contact details. |
Carry out events and similar activities, including to register your participation and communicate regarding the activity. | Communication, contact data, identification data, organizational data, picture, video and audio material | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for and/or participates in the activity. | Personal data is stored for this purpose during the period that the event or activity is carried out. Personal data, such as photos of you, may be stored until further notice for the purpose of documenting our business. |
Follow up on and evaluate activities carried out, including inter alia compilation of reports with statistics on number of participants in order to plan for future activities. | Communication, contact data, identification data, organizational data, picture, video and audio material. | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participate in the activity. | Personal data is stored for this purpose for a period of up to 13 months calculated from the date of the relevant activity. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice. |
Provide you with relevant marketing and tailored content, e.g. by way of using cookies and similar technologies on our website. | Technical information generated through the CAKE website or application, information from other sites | Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. | Personal data is stored for this purpose during the period as stated in our cookie policy. |
Improve and optimize website and app performance and user experience, e.g. by way of using cookies and similar technologies on our website (e.g. by remembering your settings and preferences, such as language). | Technical information generated through the CAKE website or application. | Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. | Personal data is stored for this purpose during the period as stated in our cookie policy. |
Analyze the use of our website and digital channels (for example which pages that you have visited and for how long), e.g. by way of using cookies and similar technologies on our website. | Technical information generated through the CAKE website or application | Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. | Personal data is stored for this purpose during the period as stated in our cookie policy. |
Ensure necessary technical functionality and security in our IT systems and services, e.g. in connection with access controls and for security logging, error handling, and backups. For this purpose, we will also use strictly necessary cookies and other technologies on our website and application. | Technical information generated through the CAKE website or application | Legitimate interest (Article 6.1 f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | Personal data is stored for the same period as stated in relation to each relevant purpose of the processing. |
Fulfil our legal obligations, e.g. our accounting and data protection obligations. | Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfil legal obligation (Article 6.1 (c) of the GDPR). | Personal data is stored for such period that is necessary for us to fulfil the specific legal obligation. By way of example, personal data necessary to fulfil book-keeping obligations will be stored for a minimum period of seven (7) years from the end of the relevant calendar year. |
Establish, exercise and defend legal claims and rights, e.g. in connection with a dispute or court proceeding. | Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case. | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | Personal data is stored for this purpose as long as necessary to manage and defend the legal claim. |
4.2 When you are a CAKE customer
If you are a CAKE product and service owner, we also collect and use personal data as described below. We may collect such information either through remote access or in person (for example in our stores or during a service appointment). Depending on which of our products and services you request or use, not all of the below use of your personal data will be applicable to you. See further below.
Purpose | Categories of data | Legal basis | Retention period |
---|---|---|---|
To provide our services (such as test rides and bike service) and products to you, including e.g. to process your order (including requests for product leasing and financing) and payment, invoicing and related administration, provide you with relevant order information and deliver your ordered products or services. | Contact and identification data, age, driving license or similar if applicable, order information, financial/payment information, occupation and income data, organizational data, demographic data. | Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the relevant agreement with you.
Legitimate interest (Article 6.1 (f) of the GDPR. If you represent an organization with which we have entered into an agreement, the use of your personal data is necessary to fulfil our legitimate interest in managing such relationship with the organization. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to fulfil our rights and obligations under the relevant agreement. |
Personal data is stored for this purpose until the order and payment have been completed. |
Provide newsletters and other marketing content (such as contests, events and promotions) relating to our products and services that might interest you, e.g. on the release of new products and services. | Contact and identification data, organizational data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always can unsubscribe from our newsletters at any time.
In case the marketing content is based on profiling, such profiling is based on your consent (Article 6.1 (a) of the GDPR). |
Personal data is stored for this purpose as long as there is an active relationship with you or the organization that you represent and for a period of twelve (12) months thereafter. The relationship is active if we have an ongoing contractual relationship or communication with you or the organization that you represent.
Please note that you may unsubscribe from newsletters and other marketing content at any time by clicking on the unsubscribe link available in each communication, or by contacting us on the below contact details. |
Follow up and evaluate our business, e.g. by providing you customer satisfaction surveys and market surveys. | Contact and identification data, feedback data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always can unsubscribe from our surveys at any time. | Personal data is stored for this purpose during the period the survey is carried out and for a period of three (3) months thereafter to compile the responses in a report. |
To provide customer services, repairs and technical support to you to ensure the safety, security and improvement of our products. This e.g. includes vehicle services and maintenance (including remote vehicle diagnostics and support), to triage and fix software or product issues, improve quality and costs, including responding to questions, register and manage support matters in general and communicate with you and others for the same purposes. | Customer support activity, Vehicle type, vehicle data Charging information, Diagnostic data, Infotainment system data, service history | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the processing usually takes place on your initiative and to your benefit.
Performance of contract (Article 6.1 (b) of the GDPR). If our service or support if required under the relevant agreement with you, the use of your personal data is necessary to fulfil such agreement with you. |
Personal data is stored for this purpose for a period of 18 months calculated from the date the support matter was closed or the last communication in the same matter. Personal data in logs is stored for a period of 18 months from the time of the log entry, or during a longer period for which applicable warranty is still valid. |
Keeping track of your vehicle, e.g. if your vehicle is lost or stolen, and to show how you have used your vehicle. | Location services data | Consent (Article 6.1 (a) of the GDPR). The use of your personal data for this purpose is based on your consent. | Personal data is stored for this purpose as long as you use our products or until you withdraw your consent. |
Develop and improve our services and products (such as adding new features or capabilities), e.g. by carrying out analysis on user behavior and vehicle data to secure the functionality and improve the products over time. | Energy product data, vehicle data, charging information, safety analysis data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to develop and improve our products as appropriate. | Personal data is stored for this purpose for a period of 30 months calculated from the date of collection.
Statistics and reports on an aggregated level which do not include any personal data are stored until further notice. |
Develop, evaluate and operate our business, e.g. by aggregating business information that enables us to operate, protect, make informed decisions, and report on the performance of our business. | Contact and identification data, organizational data, communication, order information, how you interact with our services, vehicle data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to operate and develop our business in the best possible way. | Statistics and reports on an aggregated level which do not include any personal data are stored until further notice. |
Ensure technical functionality and security of our products and services, e.g. to triage and fix software or product issues as well as fraud prevention measures. | Diagnostic data, vehicle data | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the we otherwise would not be able to develop and improve our products. | Personal data is stored for the same period as stated in relation to each relevant purpose of the processing. |
Fulfil our legal obligations, e.g. our accounting and data protection obligations. | Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfil legal obligation (Article 6.1 (c) of the GDPR). | Personal data is stored for such period that is necessary for us to fulfil the specific legal obligation. By way of example, personal data necessary to fulfil book-keeping obligations will be stored for a minimum period of seven (7) years from the end of the relevant calendar year. |
Establish, exercise and defend legal claims and rights, e.g. in connection with a dispute or court proceeding. | Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case. | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | Personal data is stored for this purpose as long as necessary to manage and defend the legal claim. |
4.3 When you are a supplier or partner representative
Purpose | Categories of data | Legal basis | Retention period |
---|---|---|---|
To manage the business relationship between suppliers and partners, for example to register you as a representative as a contact person, manage invoices and to communicate for the same purpose. | Contact and identification data, organizational data. | Legitimate interest (Article 6.1 (f) of the GDPR. The use of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our suppliers and partners. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | Personal data is stored for this purpose as long as there is an active relationship with the supplier or partner, or earlier if the personal data is no longer necessary. |
Develop, evaluate and operate our business, e.g. by aggregating business information that enables us to operate, protect, make informed decisions, and report on the performance of our business. | Contact and identification data, organizational data, communication. | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to operate and develop our business in the best possible way. | Statistics and reports on an aggregated level which do not include any personal data are stored until further notice. |
Fulfil our legal obligations, e.g. our accounting and data protection obligations. | Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfil legal obligation (Article 6.1 (c) of the GDPR). | Personal data is stored for such period that is necessary for us to fulfil the specific legal obligation. By way of example, personal data necessary to fulfil book-keeping obligations will be stored for a minimum period of seven (7) years from the end of the relevant calendar year. |
Establish, exercise and defend legal claims and rights, e.g. in connection with a dispute or court proceeding. | Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case. | Legitimate interest (Article 6.1 (f) of the GDPR). It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. | Personal data is stored for this purpose as long as necessary to manage and defend the legal claim. |
4.4 Collection and use of non-personal data
Except as described herein, CAKE may also collect, use and share information that does not, neither directly nor indirectly, personally identify you. Such information may be used for any purpose, including for example, for operational or research purposes, for industry analysis, to improve or modify our products and services, to better tailor our products and services to your needs, and where legally required.
4.5 Opting out of vehicle data
Connectivity and performance is a core part of all CAKE vehicles, allowing for advanced features and an enhanced driving experience. By default, CAKE provides part of this seamless experience while protecting your privacy. However, if you no longer wish for us to collect vehicle data or any other data from your CAKE vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications rely on such connectivity. If you choose to opt out of vehicle data collection we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.
5. How do you revoke your consent?
When CAKE uses your personal data based on your consent, you can withdraw your consent at any time. You can do this by sending an email to hello@ridecake.com. You can also delete uploaded information from the mobile application by ending the services. We will then delete the information.
6. Profiling
“Profiling” means any automated processing of personal data to evaluate certain personal matters, for example by analyzing and predicting your personal preferences, such as buying interest. At the same time, we compare your data with what our other customers, with similar use of our services, have preferred.
We use profiling for the following purposes:
- To deliver customized services, which means customized content on what we think is most interesting for you (this applies to our website and mobile application), and
- To deliver customized marketing to you.
You may object to our marketing profiling at any time by contacting us (and we will then cease profiling for marketing purposes). Where the profiling is based on your provided consent (Article 6.1(a) of the GDPR), you object by contacting us and revoking such consent.
7. Who do we share your personal data with?
When we share your personal data, we ensure that the recipient processes it in accordance with this policy, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law. We limit how and to whom we share your personal data.
7.1 Transfer of personal data to service providers (data processors)
We will transfer your personal data to recipients that provide services to us and that need access to your personal data to provide such services. These service providers provide inter alia IT services (for example software and data storage providers) as well as analytics, performance and communication services (which inter alia enable us to analyse your use of our CAKE website application, provide you with tailored content and communicate with you). Where the service providers process personal data on our behalf, they act as processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obligated to protect your personal data.
7.2 Transfer of personal data to other data controllers
We will also share your personal data with external recipients that are responsible (separate data controllers, unless otherwise is stated) for their own collection and use of your personal data. To read more about for which purposes and which categories of personal data we share with recipients and which legal basis we rely on for sharing personal data, please see below.
Joint controllership with Facebook
To provide you with relevant offers, marketing and communication about us, our businesses and services on our website and on our other digital channels, we share personal data about you (such as IP address, web browser, user behaviour and how you have navigated on our website) with Meta Platforms Ireland Limited (Facebook). Such disclosure is based on your provided consent (Article 6.1 (a) GDPR) when accepting cookies and similar technologies for the same purpose on the CAKE website or application.
When automatically sharing personal data with Facebook by using cookies and similar technology we act, where applicable, as joint controllers for the collection and transfer of your personal data. We and Facebook are, however, sole and separate controllers for the subsequent processing of your personal data.
We have entered into an arrangement with Facebook that describes which role and responsibility that we and Facebook, respectively, have when using your personal data. You have the right to obtain the essence of such arrangement (see reference in below section). Information on Facebook’s use of your personal data and how you may exercise your rights towards Facebook can be found in their Data Policy.
We have entered into a Controller Addendum with Facebook to establish our responsibilities and roles with regard to the use of your personal data for which we and Facebook act as joint controllers.
Joint controllership with LinkedIn
If you visit our LinkedIn pages, we use the tool Page Insights provided by LinkedIn to inter alia receive information on how you and other visitors have interacted with our company pages. This in order to analyse the use of our company pages and to develop and improve the content on such pages.
CAKE and LinkedIn are joint controllers for the processing of your personal data in connection with Page Insights. Consequently, we have entered into a Joint Controller Addendum with LinkedIn to establish our responsibilities and roles with regard to the use of your personal data for which we and LinkedIn act as joint controllers. The processing of your personal data in connection with Page Insights is based on your provided consent (Article 6.1 (a) of the GDPR) by accepting the use of cookies and similar technologies for the same purpose on LinkedIn's website.
Please note that CAKE will not have access to or receive any personal data of you which has generated from Page Insights, i.e. all information received will be on aggregated level which cannot directly or indirectly identify you as an individual.
Categories of recipients with whom CAKE could share your personal data with
Purpose | Recipients | Categories of personal data | Legal basis for the transfer |
---|---|---|---|
To provide secure payments and payment options |
|
|
Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the relevant agreement with you.
Legitimate interest (Article 6.1 (f) of the GDPR. If you represent an organization with which we have entered into an agreement, the use of your personal data is necessary to fulfil our legitimate interest in fulfilling the agreement with such organization. |
Provide you with the services and functionality |
|
All personal data relevant for the purpose. | Legitimate interest (Article 6.1 (f) of the GDPR). When you shop in a CAKE store where the purchase agreement is provided by another company within the CAKE group, the disclosure of your personal information between CAKE companies is necessary to fulfil our legitimate interest in order for the two CAKE companies to manage your purchase and payment, including being able to access the services and functionalities within the CAKE Group. |
Facilitate your contract with us |
|
All personal data relevant for the purpose. | Consent (Article 6.1 (a) of the GDPR). The processing is based on your consent. |
Fulfil legal obligations |
|
Relevant categories of personal data that are necessary to fulfil the specific legal obligation. | Fulfil legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations. |
Manage, defend and exercise legal claims and rights |
|
Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims and rights. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
Respond to legal requests |
|
Relevant categories of personal data that are necessary to respond to the legal request in the specific case. | Legitimate interest (Article 6.1 f) of the GDPR). If there is no explicit legal obligation for us to respond to the legal request, but we consider that we and the public authority have a legitimate interest of we responding to the legal request, we rely on this legitimate interest for the use of your personal data for this purpose. This provided that we make the assessment that the legitimate interest in the specific case, considering the circumstances and context of the legal request, outweighs your interest of not having your personal data processed for this purpose. |
Manage sales, investments, re-organisations and restructuring of the business |
|
Relevant categories of personal data that are necessary to manage the sale, investment, re-organisation or restructuring of the business. | Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the sale, investment, re-organisation and restructuring of the business. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer or investor carries out the same or similar type of business. |
Sell or outsource collection of unpaid debts |
|
|
Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of collecting and selling debts. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. |
Deliver ordered goods |
|
|
Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the relevant agreement with you.
Legitimate interest (Article 6.1 (f) of the GDPR. If you represent an organization with which we have entered into an agreement, the use of your personal data is necessary to fulfil our legitimate interest in fulfilling the agreement with such organization. |
To allow financial institutes to conduct eligibility assessments, in connection with credit applications for lease and financing offerings |
|
|
Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the relevant agreement with you. |
To allow insurance providers to conduct eligibility assessments in connection with applications for vehicle insurance |
|
|
Performance of contract (Article 6.1 (b) of the GDPR) with us or the insurer. The use of your personal data is necessary to fulfil the relevant agreement with you. |
To facilitate repairs and improve costs and service |
|
|
Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the relevant agreement with you.
Legitimate interest (Article 6.1 (f) of the GDPR). If you represent an organization with which we have entered into an agreement, the use of your personal data is necessary to fulfil our legitimate interest in fulfilling the agreement with such organization. |
Provide relevant marketing and tailored content to visitors of our website and other digital channels |
|
|
Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. |
8. How we use cookies and other types of tracking technologies
In addition to the data that you provide directly to us when using our products and services, some data is obtained automatically from your device using “cookies” or similar tracking technologies when you visit our website or our mobile application. Cookies are small text files that are used to store or access information stored on your computer or mobile device. Cookies can remember a user's activity on, for example, a website in different ways and can store information both during the website visit and between visits. The information contained in cookies can also be used to track your surfing on other websites that use the same cookie.
CAKE uses cookies in multiple interfaces, such as the website and mobile application. You can find information about the tracking technologies that CAKE uses, and information about how to accept or decline the tracking technologies, in each interface.
We use cookies to:
- ensure the basic functionality of the website, such as maintaining security and enabling you to fill in forms and questionnaires.
- give you access to enhanced website functionality, such as automatic country recognition and language settings.
- analyze the use of our website and help us make it better by collecting statistics on which pages are popular and which sections visitors click on the website and how long they stay on the page (if you consent to the use of such cookies).
- promote and market our products and services by displaying advertisements on other websites and in social media based on what sections you have clicked on our website and on other websites that use the same cookie (if you consent to the use of such cookies).
Some cookies, including those used to provide basic functionality and maintain security, are necessary for the website to function as intended, and these will be installed automatically on your device based on our legitimate interest to provide you with a functioning and safe website. Other cookies, such as those used for marketing and analytical purposes, will only be installed if you allow us to use such cookies when first visiting our website (as part of selecting your cookie preferences).
The cookies that are placed on your device are so-called third-party cookies, which means that certain third parties have access to the information collected through the cookies. Each cookie has a unique expiration date, which can be viewed in the cookie banner by selecting “settings”.
When you visit our website, you will be requested to set your cookie preferences. You can choose to allow all cookies, including marketing and analytics cookies, to only allow certain types of cookies, or to reject all cookies that are not necessary for surfing on the website. If you have accepted certain cookies and changed your mind, you can disable cookies or adjust your preferences at any time by clicking ‘Cookies’ at the bottom of the website.
9. How do we protect your data?
We take several steps to keep your data secure and protect it against unauthorized or unlawful processing and against accidental loss, destruction, or damage. For example, we take both technical and organizational measures to protect your data through access control, authorization control, entry control, and encryption procedures. We also ensure that our third-party suppliers provide adequate security measures.
10. Where is your data stored and when can we transfer your personal data outside of the EU?
The data that we collect about you is mainly processed and stored within the European Union (EU) but may be transferred to other countries outside of the EU/EEA where our partners, subsidiaries or suppliers are located or maintain facilities. Before transferring data outside of the European Union, we will ensure adequate mechanisms to protect data when it is transferred internationally, for example by using the EU Commission's adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.
For more information on to which third countries your personal data is transferred and the safeguards that we have taken to protect personal data, please contact us at by emailing hello@ridecake.com.
11. Your data protection rights
You always have the following rights in relation to your personal data:
- The right to access your data and to be informed: You always have the right to understand what personal information we collect and share. You have the right to ask us for supplementary information on why we process your data, what data we process, how long we store your data (or what criteria we use for determining the storage period), how we protect your data, who we share your data with, and whether your data is transferred to countries outside of the European Economic Area. You also have a right to receive a copy (“data extract”) of data that CAKE processes about you. Through the data extract you will receive information about what personal data CAKE holds about you, and how we process it.
- The right to correct inaccurate information: You always have the right to correct or ask us to correct any inaccurate data about you if you consider that your personal data is incorrect, incomplete, or misleading.
- The right to request restriction of your data: In certain situations, you have the right to request restriction of your personal data which means that you can, at least for a certain period, stop us from using your personal data. The right to request restriction of your personal data applies if you consider that the personal data about you is incorrect and during the period that we verify this, if the use of your personal data is unlawful and if you wish that we continue to store your personal data instead of deleting the personal data, and if we no longer need your personal data for the purposes for which we collected the personal data, but you need the personal data to manage, defend or exercise legal claims and rights.
You also have the right to request restriction of your personal data if you have objected to our use of your personal data and during the period, we verify whether we have a compelling reason to continue to use your personal data.
If the use of your personal data has been restricted, we are normally only allowed to store your personal data and not use them for any other purpose than to manage, defend or exercise legal claims and rights.
- Right to have personal data deleted (“right to be forgotten”): In some cases you have the right to have us delete personal data about you. For example, you can request us to delete such personal data that we i) no longer need for the purpose that it was collected for, or ii) that we processed based on your consent and you revoke your consent. There are certain situations where CAKE is unable to delete your data, for example when the data is still necessary to process for the purposes for which the data was collected, CAKE’s interest to process the data overrides your interest in having it deleted, if the personal data is needed to exercise, manage, and defend legal claims, or because we have a legal obligation to keep it.
- Right to object against our processing: You have the right to object to processing of your personal data which is based on legitimate interest (Article 6(1)(f) GDPR), by referencing your personal circumstances. If we cannot show a compelling reason to continue to use your personal data, we will stop using your personal data for the relevant purpose. You can also always object to our use of your personal data for direct marketing purposes. If you inform us that you no longer want to receive direct marketing from us, we will turn off marketing for you and stop sending it to you.
- The right to data portability: When technically possible, you have the right to get your data transferred to another service provider. This means that you can request a copy of the personal data that CAKE holds in a machine readable format. This will allow you to use it somewhere else, for example to transfer it to another controller. The right to data portability under this privacy policy only applies, however, to personal data that we handle for the performance of an agreement with you (Article 6.1 (b) of the GDPR) or based on your provided consent (Article 6.1 (a) of the GDPR).
- Right to withdraw consent: When we process your personal data based on consent you have the right to revoke it at any time. When you revoke such consent we will stop processing your data for such purposes.
- Right to lodge a complaint: If you have a complaint against CAKE’s processing of your data you may lodge a complaint with the Swedish Authority for Privacy Protection (https://www.imy.se), which is the Swedish supervisory authority for CAKE’s processing, or your national data protection authority.
- Additional right available to you in France, Spain and Italy - post-mortem right to your personal data: You have the right to give, or designate a person authorized to give instructions relating to the retention, erasure and communication of your personal data after your death.
You may exercise your rights described above by sending a request to hello@ridecake.com. We will respond to your request within 30 days. However, if your request is complicated or if you have submitted several requests, we may need additional time to handle your request. We will in such a case notify you and the reasons of the delay. If we cannot, wholly or in part, comply with your request we will notify you and the reasons for this. We are always committed to handle any request, complaint, or concern that you may have about our use of your data in a lawful, fair, and transparent way.
12. Changes and updates to this privacy policy
Occasionally we may, at our discretion, make changes to the privacy policy in order to improve our services. If we make material changes to the privacy policy, we will provide you with prominent notice as appropriate under the circumstances. If consent is required, you will be given the opportunity to give your consent.
Last amended 30 May 2024.
13. Company details and contact information
Brages BidCo AS
Enterprise No. 932 525 232
Langelandsvegen 2, 6018 Ålesund, Norway
Contact; hello@ridecake.com