Last Updated: May 25th, 2018
Who we are
Sherlock designs and manufactures GPS antitheft and tracking devices and tools, that allows Users to locate their bike in every moment and retrieve it in case of theft.
These solutions consist of an electronic device, produced by Sherlock and sold on its Website, and its related service provided through the mobile app, available on the app stores.
The Data manager and Website owner is:
C.so Castelfidardo 30/A
10129 Torino (TO), ITALY
Sherlock is constantly striving to protect Users’ personal data; however, no data transmission on the Internet can be considered absolutely safe, thus Sherlock is not responsible of the security of any data provided by the Users. All Users’ personal data are exclusively transmitted at their own risk.
What personal data we collect and why we collect it
When activating a Product, creating o logging into your account on the App, subscribing to a newsletter, or contacting our support staff, Sherlock can collect a series of personal data (“Personal Information”) which eventually may include name, postal address, telephone number and e-mail. All Personal Data may be collected and/or treated by Sherlock S.r.l. in Italy or in another EU member State, according to EU Directive 95/46/EC.
Visit to our Website
Sherlock collects data from all the Users who visit the Website, even if they don’t have an account.
When a User visits the Website, Sherlock collects data from industry-standard registers that store information about the visit, such as: the type of browser, the operating system, the URL of the page from which the visit has been redirected, the actions taken and the IP address of the visited pages, and other similar information.
Sherlock uses all the data collected to provide pertinent information about Users’ location, to enhance the experience of visiting the Website and to verify if the Website is working correctly.
Sherlock collects data from all the Users who visit the Website also to enhance the purchasing experience, such as:
- Products the User has viewed: Sherlock will use this to, for example, show you products the User has recently viewed;
- Location, IP address and browser type: Sherlock will use this for purposes like estimating taxes and shipping;
- Shipping address: Sherlock will ask you to enter this to, for instance, estimate shipping before the User places an order.
Sherlock also collects Cookies data. For more details, please refer to our Cookies Policy.
Embedded content from other websites
The Website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
When Creating a Sherlock Account
To purchase our products from the Sherlock Store, Users must create an account on the Website (”Sherlock Website Account”). When Creating a Sherlock Website Account, some personal data are required, including email address and shipping address information.
To access the data collected by the Sherlock Products, Users must create a mobile App account (”Sherlock App Account”). When creating a Sherlock App Account, some personal data are required, including full name, email address, type of bike owned, address of domicile/residence.
Sherlock App Account and Sherlock Website Account are two different account and they’re not connected to each other, even if they belong to the same User.
Users may also create an Account on our App or our Website using different credentials, as well through their social media login credentials, (i.e. Facebook). In this case, the system sends an authorization request to the social media, provided by the User, in order to access to the basic information of the social media account, i.e.: name, profile picture and friends list.
Users can stop sharing this information with Sherlock at any time, by removing all access authorization to their personal account on the social media.
When purchasing in the Sherlock Store
When purchasing in the Sherlock Store, Sherlock will ask you to provide information including the User’s full name, billing address, shipping address, email address, phone number and account information like username and password.
Sherlock will use this information for purposes, such as, to:
- Send information about the User’s account and order
- Respond to the User requests, including refunds and complaints
- Process payments and prevent fraud
- Set up the User’s Sherlock Website Account
- Comply with any legal obligations Sherlock has, such as calculating taxes
- Improve the Sherlock Store offerings
- Send to the User marketing messages, if the User chooses to receive them
If Users are logged in their Sherlock Website Account while purchasing a Product on the Sherlock Store, the purchase order is associated to the User’s Sherlock Website Account and the information provided will be used to populate the checkout for future orders.
Sherlock stores the shipping address information in order to fulfill the order directly or through our partners.
Sherlock never views or shares, nor stores in any way Users’ credit card information or other similar data. All payment information is managed by a third-party service (Stripe). For more details, please refer to https://stripe.com/gb/privacy.
Sherlock will also store comments or reviews, if the User chooses to leave them.
When activating a Sherlock Product
When activating a Sherlock Product, Users must download the Sherlock App on their smartphone, and create a Sherlock App Account by entering their data, such as: full name, email address, type of bike owned, address of domicile/residence. This information will be used by Sherlock, first of all, to provide the Sherlock Services to Users, to generate statistics and to create the bike passport, which could be shared with the law enforcement if necessary.
When adding information to the account
At any time, Users can customize the Sherlock interface, on the App, adding extra information to the Sherlock App Account, including: photo to customize the profile or photo of the bike owned. These data are collected by Sherlock and stored with the other information of the Sherlock App Account.
When syncing a Sherlock Product
When syncing a Sherlock Product with the App, all data about the rides are transferred from the Product to our servers. These data are stored and used to provide the Sherlock Services. Each time a sync occurs, we also log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing.
When activating location services
In order to determine the Users’ location, Sherlock collects data, including: GPS signals, device sensors, Wi-Fi access points, and the IDs of the cell towers. We store this information together with the Sherlock Account data to provide location services. By using a map service, all information about the Users’ location are sent to the service in order to display the location on the map; however, map services are not allowed, by contract, to share or use such data for other purposes.
Requests for assistance
When Sherlock receive a request for assistance, the data shown in the request (i.e.: name, email address and any additional data) are processed through a third-party service (Zendesk), in order to provide the requested assistance and improve the service. For more details, please refer to https://www.zendesk.com/company/customers-partners/privacy-policy/.
Our assistance service could be contacted through the social network, (i.e. Twitter or Facebook). However, Sherlock is not responsible and does not guarantee in any way the confidentiality of the information shared by these channels.
Use of the data
Sherlock process all personal data collected by using electronic or automated systems, assuring security and confidentiality of all data collected, in accordance with the provisions of the Privacy Code.
Sherlock may use the Users’ personal data for the following purposes:
- Customer Support. When Users interact with our customer service by e-mail, phone or in person, Sherlock may collect: personal information pertinent to the situation, including: full name, email address, telephone number and contact preferences; information about purchased Sherlock products, including: serial numbers, purchase date and (if applicable) event logs useful for diagnosing performance problems for products or applications; information relating to a support or a service issue. Sherlock will use this information to provide customer service and product support.
- Purchasing. If Users are logged in their Sherlock Website Account while purchasing a Product in the Sherlock Store, the purchase order is associated to the User’s Sherlock Website Account. We store the shipping address information in order to fulfill the order directly or through our partners. If you are not logged into your account at the time of purchase, we do not associate that data with your Sherlock Website Account, however we save the data so that we can provide customer service related to the purchase.
Data shared with third parties
Sherlock does not sell data to third parties that allow the Users’ identification; however, Sherlock may share such data with its partners, in de-identified and aggregated form, or for the sole purpose of providing its Services
Data that could identify the User
Personal identifiable information are data that includes the name or another User ID that can be traced back to the name, postal address or email or other information that personally identifies a User.
Sherlock will share this data only under the following circumstances:
- With the Police: in case of thief of the Users’ bicycles;
- With companies engaged in providing services to Sherlock like: process orders, emails or credit card management. These companies are obliged by contract to protect all personal data received from Sherlock.
- When disclosure is reasonably necessary to comply with a law, regulation, or legal proceedings. In this case, Sherlock will do its best to provide Users with notice in advance by email, unless Sherlock is prohibited by a court order from doing so or where the request or legal process is directly related to a regulatory investigation. In the latter case, Sherlock will ensure User that any information disclosed is treated as confidential.
- If Sherlock believes that disclosure is necessary in order to prevent serious and imminent damage to persons or property, or to prevent fraud, or to protect the safety of Sherlock and User data services.
Data that does not personally identify the User
Sherlock may sell or share aggregate data, that does not personally identify the Users with partners or the general public. In providing this information, Sherlock will take all legal and technical measures to ensure that the data do not allow to trace the identity of the Users.
Data for which the User gives consent for sharing
Who on the Sherlock team has access
Members of the Sherlock team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like the User’s full name, email address, and billing and shipping information.
The Sherlock team members have access to this information to help fulfill orders, process refunds and support you.
Sherlock store the Users’ personal data of only for the time necessary to provide its services unless a longer period of storage is required by law. For example, Sherlock will store order information for 5 years for tax and accounting purposes. This includes your full name, email address and billing and shipping addresses.
After this period, Users’ personal data will be processed anonymously.
If you leave a comment on the Sherlock Website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on the Sherlock Website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
How to change data
The data provided to Sherlock through the Website or the App may be edited in the User preferences. By removing User data from the Account, they will not be visible to the User anymore, who will no longer able to use the Sherlock Services. The backups of the User data will remain stored by Sherlock, on its servers.
How to deactivate the Sherlock Account
Users can deactivate the Sherlock Account by contacting our customer service. In this case, the personal identification data will be removed from the Service, including, among others, email address, and any customizations. Backup copies of this data will be removed from Sherlock server based upon an automated schedule, which means it may persist in our archive for a short period of time. Sherlock may continue to use Users’ aggregated and de-identified data.
Can you opt-out of receiving Sherlock emails?
Users can opt-out of receiving Sherlock emails by changing the notification preferences in your account settings or unsubscribing via the “Unsubscribe” link present in all emails sent by Sherlock. The Opting-out of these emails will not end transmission of important service-related emails that are necessary to your account maintenance or to use the Sherlock Services.
At any time, Users may exercise their rights under sect. 7 of the Italian Privacy Code – which for convenience is reproduced in full below – in order to obtain confirmation of the existence or not of their personal data, to know their content and origin, verify its accuracy or request its integration updating, or correction. Under the same provision the User may also request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and oppose any case, for legitimate reasons, their treatment. Requests should be addressed at Sherlock, in acting as the controller, at the contacts indicated at the end of this webpage.
(Right to Access Personal Data and Other Rights)
- A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data inintelligible form.
- A data subject shall have the right to be informed
- a) of the source of the personal data;
- b) of the purposes and methods of the processing;
- c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
- d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); and
- e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
- A data subject shall have the following rights:
- a) to obtain updating, rectification or, where interested therein, integration of the data;
- b) to obtain erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
- c) to obtain certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
- A data subject shall have the right to object, in whole or in part,
- a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Sherlock policy with respect to children
Our services are not intended for persons under 13 years. In compliance with the Italian laws and the UN Convention on the Rights (Convention on the Rights of the Child – CRC) of 11.20.1989, If we learn that we have collected the Personal Information from a child under 13, we will take steps to delete the information as soon as possible. Users who eventually are aware of a User under the age of 13 using a Sherlock Website or App are invited to contact us at firstname.lastname@example.org.
Corso Castelfidardo 30/A
10129 Torino, Italia