Hyvio Privacy Policy

1. Who We Are & How to Contact Us

Lucky Shifts V.O.F. acts as the data controller for the Services offered under the "Hyvio" brand. Our registered office is in Den Haag, the Netherlands. If you have questions about this Privacy Policy or our privacy practices, contact us at hello@hyvio.app.

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

Account details: name, email address, password, and profile preferences when you register or update an account.
Travel data: saved stations, favorite routes, notes, preferences, reviews, or feedback you submit.
Communications: inquiries you send to us, survey responses, support requests, or participation in promotions.

2.2 Information Collected Automatically

Device & usage data: IP address, browser type, device identifiers, operating system, referral URLs, and interaction logs to help us run analytics and protect the Services.
Location data: approximate or precise location if you allow location services in the app or browser (e.g., to find nearby stations). You can disable location sharing at any time through your device settings.
Cookies & similar technologies: preferences, session tokens, and analytics cookies that help us understand how the Services are used.

2.3 Information from Third Parties

Data partners: pricing feeds, station availability, sustainability certifications, and other datasets sourced from trusted providers.
Single sign-on or integrations: if you connect a third-party account (such as social media or identity providers) you authorize us to receive certain data as permitted by that provider.

3. How We Use Personal Data

We process personal data for the following purposes:

Provide the Services: create and manage user accounts, deliver station listings, route planning, and other core features.
Personalize experiences: tailor content, recommendations, and notifications to your preferences.
Communicate with you: send service updates, respond to support requests, deliver newsletters or marketing (with your consent where required).
Improve & secure the Services: conduct analytics, monitor performance, detect fraud or abuse, and develop new features.
Comply with legal obligations: maintain records, respond to lawful requests, enforce our agreements, and protect our rights.

4. Legal Bases for Processing (EEA/UK)

Under the GDPR, we rely on the following legal bases to process personal data:

Performance of a contract: when processing is necessary to provide the Services you request (e.g., account management, routing features).
Legitimate interests: to operate, secure, and improve the Services, prevent misuse, and communicate with users about similar services. We balance these interests against your rights.
Consent: for optional activities such as marketing emails, push notifications, or using precise geolocation.
Legal obligations: to comply with applicable laws, regulatory requirements, or court orders.

5. How We Share Personal Data

We share personal data only as described below:

Service providers: trusted vendors who perform services such as hosting, analytics, customer support, email delivery, or payment processing under confidentiality agreements.
Data partners: where necessary to display third-party content (e.g., pricing feeds) or to enrich the Services, subject to contractual safeguards.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of the transaction.
Legal & safety disclosures: to comply with law enforcement requests, legal claims, or protect the rights, property, or safety of Hyvio, our users, or others.
With your consent: when you direct us to share data (for example, with travel companions or community features).

We do not sell personal data in exchange for monetary consideration.

6. International Transfers

Although our core operations are based in the European Union, some of our service providers and partners may be located outside the European Economic Area (EEA), the United Kingdom, or Switzerland. When we transfer personal data to such countries, we implement appropriate safeguards such as European Commission Standard Contractual Clauses, UK IDTA, or equivalent measures. You may request a copy of these safeguards using the contact details above.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When personal data is no longer needed, we will delete or anonymize it. If you delete your account, we will remove or anonymize data within a reasonable period, except where retention is required for legal obligations or dispute resolution.

8. Your Rights

If you are located in the EEA, UK, or other regions with similar data rights, you may:

Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data, subject to legal exceptions.
Object to or request restriction of processing in certain circumstances.
Receive your data in a portable format.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise your rights, contact us at hello@hyvio.app. We may verify your identity before fulfilling the request.

9. Cookies & Analytics

We use cookies and similar technologies to remember preferences, keep you signed in, and analyze how the Services are used. You can control cookies through your browser settings. Certain features may not function properly without cookies. For apps, analytics SDKs may collect device identifiers to help us understand usage trends.

10. Security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children’s Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child without appropriate consent, we will take steps to delete the data. Parents or guardians who believe their child has provided data should contact us at hello@hyvio.app.

12. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any site you visit via external links.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Effective date” and, if appropriate, provide additional notice. Continued use of the Services after the updated Privacy Policy becomes effective signifies your acceptance of the changes.