Legal

Privacy Policy

Effective date: January 2026

Party Onbici Pty Ltd (formerly Bike Party) (ABN 77 684 853 594) ("we", "us" or "Party Onbici") is committed to privacy protection. At Party Onbici ("this site"), we understand the importance of keeping personal information private and secure.

This privacy policy ("Privacy Policy") describes generally how we manage personal information and safeguard privacy. If you would like more information, please don't hesitate to contact us.

This Privacy Policy forms part of, and is subject to the provisions of, our Website Terms of Use (https://www.partyonbici.com/policies/website-terms-and-conditions/).

1. The Australian Privacy Principles

We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) (“Privacy Act”).

The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the “Australian Privacy Principles”.

2. What is "personal information"?

Personal information held by Party Onbici may include your:

  • name, date of birth and gender;
  • residential and business postal addresses, telephone/mobile/fax numbers and email addresses;
  • bank account and/or credit card details for agreed billing purposes;
  • any information that you provided to us by you during your account creation process or added to your user profile;
  • preferences and password for using this site and your computer and connection information;
  • a unique device identifier generated by the mobile app, used solely for data synchronization and crash report correlation (this identifier is not linked to your identity or used for advertising purposes); and
  • any information that you otherwise share with us.

Information provided to Stripe

All purchases that are made through this site are processed securely and externally by Stripe.

Unless you expressly consent otherwise, we do not see or have access to any personal information that you may provide to Stripe, other than information that is required in order to process your order and deliver your purchased items to you (eg, your name, email address and billing address).

Information provided to Digital iD

Some bike parties may require you to provide verification of your identity. We use Digital iD to verify your identity.

3. How we may collect your personal information

At this site, we only collect personal information that is necessary for us to conduct our business as an online community to meet cyclists travelling to a shared destination.

Information that you provide to us

We may collect personal information that you provide to us about yourself when you:

  • use this site, including (without limitation) when you:
    • create a user account;
    • create a party/route/incident report;
    • join a party
    • add information to your user profile;
    • purchase any services through this site;
    • add reviews, forum or chat room messages or comments in any elements of this site that permit user-generated content;
    • register for access to premium content or request certain premium features; or
    • complete an online contact form to contact us or any third party supplier;
  • provide information to us by telephone or through marketing or competition application forms; or
  • send us an email or other communication.

IP addresses

This site may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network.

Party Onbici collects and manages IP addresses as part of the service of providing internet session management and for security purposes.

Party Onbici may also collect and use web log, computer and connection information for security and analytical purposes to help guide feature development and retirement, prevent and detect any misuse of, or fraudulent activities involving, this site.

3A. Mobile App Data Collection

In addition to the website, Party Onbici offers a mobile application for cycling navigation. The following describes data collection specific to the mobile app.

Ride Data Synchronization

With your consent, the Party Onbici mobile app may synchronize your cycling ride data to our servers. This feature is optional and can be controlled at any time in the app's Privacy Center.

Data that may be synchronized includes:

  • Ride timestamps (start and end times)
  • GPS coordinates and route trajectory
  • Speed, distance, and elevation statistics
  • Accelerometer data (used for road quality assessment and crash detection)
  • Device information (app version, device model, operating system version)
  • An anonymized device identifier (for data correlation only, not linked to your identity)

Purposes of synchronization:

  • Enable backup and restoration of your ride history
  • Allow access to your rides if you change devices
  • Provide anonymized, aggregated data for route planning and cycling infrastructure analysis (e.g., popular routes, road quality insights)
  • Improve app features based on usage patterns

Your control:

  • You can enable or disable ride sync at any time via Settings > Privacy Center in the app
  • You can request deletion of all synchronized data at any time
  • Data synchronized to our servers is encrypted in transit (TLS 1.3) and at rest

Server location: Your ride data is processed and stored on servers located in Australia. For information about cross-border data transfers, see the GDPR section below.

Retention: Synchronized ride data is retained for 90 days unless you request earlier deletion. After this period, data is either permanently deleted or anonymized for aggregate analytics.

Location Data

When using the Party Onbici mobile app:

  • Precise location (GPS coordinates) is collected during ride recording to track your cycling route. This data is stored locally on your device and, with your consent, may be synchronized to our servers for backup purposes.
  • Coarse location (city or region level) is shared with OpenWeatherMap to provide weather information relevant to your area. Your precise GPS coordinates are not shared with weather services.
  • Map tile coordinates are shared with Stadia Maps to display the map. These coordinates indicate the area of the map you are viewing but do not precisely identify your location.

Your location data is never sold to third parties or used for advertising purposes.

4. Cookies

This site uses "cookies" to help personalise your online experience.

A cookie is a text file or a packet of information that is placed on your hard disk by a web page server to identify and interact more effectively with your computer.

There are two types of cookies that may be used at this site: a persistent cookie and a session cookie.

A persistent cookie is entered by your web browser into the "Cookies" folder on your computer and remains in that folder after you close your browser, and may be used by your browser on subsequent visits to this site.

A session cookie is held temporarily in your computer’s memory and disappears after you close your browser or shut down your computer.

Cookies cannot be used to run programs. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

In some cases, cookies may collect and store personal information about you. Party Onbici extends the same privacy protection to your personal information, whether gathered via cookies or from other sources.

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent.

Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer.

If you choose to decline cookies, you may not be able to fully experience the interactive features of this site.

Why we use cookies

This site uses cookies in order to:

  • remember your preferences for using this site;
  • manage the signup process when you create an account with us;
  • recognise you as logged in while you remain so. This avoids your having to log in again every time you visit a new page;
  • facilitate e-commerce transactions, to ensure that your order is remembered between pages during the checkout process;
  • show relevant notifications to you (eg, notifications that are relevant only to users who have, or have not, created an account or subscribed to newsletters or email or other subscription services); and
  • remember details of data that you choose to submit to us (eg, through online contact forms or by way of comments, forum posts, chat room messages, reviews, ratings, etc).

Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.

Third party cookies

In some cases, third parties may place cookies through this site. For example:

  • Datadog and Sentry to assess app and site performance, feature usage, and error tracking;
  • Stadia Maps and Azure Maps to provide location and weather information;
  • Front Chat to provide customer support chat functionality;
  • Firebase Cloud Messaging (Google) and Apple Push Notification Services to deliver push notifications about ride alerts and app updates;
  • third party social media applications (eg, Facebook, Twitter, LinkedIn, Pinterest, YouTube, Instagram, etc) may use cookies in order to facilitate various social media buttons and/or plugins in this site.

5. How we may use your personal information

Your personal information may be used in order to:

  • verify your identity;
  • assist you to make purchases through this site;
  • process any purchases of services that you may make through this site, including charging, billing and collecting debts;
  • make changes to your account;
  • respond to any queries or feedback that you may have;
  • conduct appropriate checks for credit-worthiness and for fraud;
  • prevent and detect any misuse of, or fraudulent activities involving, this site;
  • conduct research and development in respect of our services;
  • collect data in an anonymised form to better understand and provide for user needs or provide information to third parties e.g. popular routes, suburbs, usage times or urban planning;
  • gain an understanding of your information and communication needs or obtain your feedback or views about our services in order for us to improve them; and/or
  • maintain and develop our business systems and infrastructure, including testing and upgrading of these systems,

and for any other purpose reasonably considered necessary or desirable by Party Onbici in relation to the operation of our business.

From time to time we may email our customers with news, information and offers relating to our own services or those of selected partners.

Your personal information may also be collected so that Party Onbici can promote and market products and services to you. This is to keep you informed of products, services, and special offers we believe you will find valuable and may continue after you cease acquiring products and services from us. If you would prefer not to receive promotional or other material from us, please let us know and we will respect your request.

You can unsubscribe from such communications at any time if you choose.

6. When we may disclose your personal information

Information provided to suppliers

When you acquire or access any other goods or services from a third party supplier through this site, we will provide to that supplier such information as is necessary to enable it to process and administer your order.

Such information will include personal information about you, including (without limitation) your name and contact details.

Information provided to other organisations

In order to deliver the services you require or for the purposes set out above, Party Onbici may disclose your personal information to organisations outside Party Onbici. Your personal information may be disclosed to these organisations only in relation to this site, and Party Onbici takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information. These organisations may carry out or provide:

  • authentication and authorisation services;
  • customer enquiries;
  • mailing systems;
  • billing and debt-recovery functions;
  • information technology services;
  • marketing, telemarketing and sales services;
  • market research; and
  • website usage analysis.

In addition, we may disclose your personal information to:

  • your authorised representatives or legal advisers (when requested by you to do so);
  • credit-reporting and fraud-checking agencies;
  • credit providers (for credit-related purposes such as creditworthiness, credit rating, credit provision and financing);
  • our professional advisers, including our accountants, auditors and lawyers;
  • government and regulatory authorities and other organisations, as required or authorised by law;
  • organisations who manage our business strategies, including those involved in a transfer/sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our business risk and funding functions; and
  • the police or other appropriate persons where your communication suggests possible illegal activity or harm to others.

Mobile App Service Providers

The Party Onbici mobile app shares data with the following third-party service providers who process data on our behalf:

  • Sentry (USA, EU) - Crash reporting and error tracking. Receives crash logs, device information, and app state. Does not receive your location data or personal identity.
  • Datadog (USA) - Performance monitoring and anonymized session replay. Receives app performance metrics and masked user interactions. Sensitive inputs are automatically hidden.
  • Stadia Maps (USA, EU) - Map display and route calculation. Receives map tile coordinates and route waypoints for navigation purposes.
  • Azure Maps (USA) - Weather information. Receives only coarse location (city-level) to provide relevant weather data.
  • Front Chat (USA, EU) - Customer support. Receives only the information you choose to share in support conversations.
  • Firebase Cloud Messaging/Apple Push Notification Services (USA) - Push notifications. Receives device tokens only; does not receive your location or ride data.

All service providers are contractually required to:

  • Process data only for the specified purposes
  • Implement appropriate security measures
  • Delete data upon our request
  • Comply with applicable data protection regulations

For users in the EU, transfers to providers outside the EU are protected by Standard Contractual Clauses (SCCs) or equivalent legal safeguards.

7. Contacting us about privacy

If you would like more information about the way we manage personal information that we hold about you, or are concerned that we may have breached your privacy, please contact us by email to privacy@partyonbici.com or by post.

Access to your personal information

In most cases, you may have access to personal information that we hold about you. We will handle requests for access to your personal information in accordance with the Australian Privacy Principles.

All requests for access to your personal information must be directed to the Privacy Officer by email using the email address provided above or by writing to us at our postal address.

We will deal with all requests for access to personal information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given. We may charge you a fee for access if a cost is incurred by us in order to retrieve your information, but in no case will we charge you a fee for your application for access.

In some cases, we may refuse to give you access to personal information that we hold about you. This may include circumstances where giving you access would:

  • be unlawful (eg, where a record that contains personal information about you is subject to a claim for legal professional privilege by one of our contractual counterparties);
  • have an unreasonable impact on another person’s privacy; or
  • prejudice an investigation of unlawful activity.

We may also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings.

If we refuse to give you access, we will provide you with reasons for our refusal.

Correcting your personal information

We will amend any personal information about you that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness or currency of a record of your personal information that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.

8. Storage and security of your personal information

We are committed to maintaining the confidentiality of the information that you provide us and we will take all reasonable precautions to protect your personal information from unauthorised use or alteration.

In our business, personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information.

9. Third party websites

You may click-through to third party websites from this site, in which case we recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies to this site only and Party Onbici assumes no responsibility for the content of any third party websites.

Re-marketing

We may use the Google AdWords and/or Facebook re-marketing services to advertise on third party websites to previous visitors to this site based upon their activity on this site. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you. Such advertising may be displayed on a Google search results page or a website in the Google Display Network or inside Facebook. Google and Facebook may use cookies and/or pixel tags to achieve this.

Any data so collected by Google and/or Facebook will be used in accordance with their own respective privacy policies. None of your personal Google and/or Facebook information is reported to us.

You can set preferences for how Google advertises to you using the Google Ads Settings page (https://www.google.com/settings/ads). Facebook has enabled an AdChoices link that enables you to opt out of targeted advertising.

10. GDPR

Party Onbici welcomes the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally. We intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

GDPR rights

The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

  • you are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information for no fee;
  • you may also have a right to:
    • have that information rectified or deleted;
    • restrict our processing of that information;
    • stop unauthorised transfers of your personal information to a third party;
    • in some circumstances, have that information transferred to another organisation; and
    • lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and
  • where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:

  • such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other clients subject to appropriate confidentiality protections; and
  • even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular:
    • to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
    • in exercising and defending our legal rights and meeting our legal and regulatory obligations.

Storage and processing by third parties

Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc and online relationship management tools.

We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (eg, to analyse how our clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests.

Party Onbici requires that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.

Duration of retention of your data

We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.

At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, you can ask us to delete your data.

Keeping your information up-to-date

To ensure that your personal information is accurate and up to date, please promptly advise us of any changes to your information by contacting our data protection officer by email at privacy@partyonbici.com or by post.

11. California Consumer Privacy Act (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information:

Your CCPA Rights

  • Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting the information, and the categories of third parties with whom we share it.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: You have the right to opt out of the "sale" of your personal information. Party Onbici does not sell personal information in the traditional sense, but we respect your right to opt out of any data sharing that could be considered a "sale" under CCPA's broad definition.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Do Not Sell My Personal Information

Party Onbici does not sell your personal information to third parties. We may share information with service providers who help us operate our business, but these relationships are not "sales" under CCPA. If you wish to opt out of any sharing that could be considered a sale, please contact us at privacy@partyonbici.com or use the cookie management preferences on our website.

Exercising Your Rights

To exercise your CCPA rights, you may:

  • Email us at privacy@partyonbici.com
  • Export your data through your account settings
  • Delete your account through the account deletion feature

We will verify your identity before processing your request. We aim to respond within 45 days, as required by CCPA.

12. Lei Geral de Proteção de Dados (LGPD) - Brazil

If you are a resident of Brazil, you have specific rights under the Lei Geral de Proteção de Dados (LGPD):

Your LGPD Rights

  • Confirmation and Access: You have the right to confirm whether we process your personal data and to access such data.
  • Correction: You can request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, Blocking, or Deletion: You can request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with LGPD.
  • Data Portability: You can request portability of your data to another service provider.
  • Deletion: You can request deletion of personal data processed with your consent.
  • Information about Sharing: You have the right to information about public and private entities with which we share your data.
  • Information about Consent: You have the right to information about the possibility of not providing consent and the consequences of such refusal.
  • Revocation of Consent: You can revoke your consent at any time.

Legal Basis for Processing

We process your personal data under the following legal bases as defined by LGPD:

  • Your consent, where applicable
  • Performance of a contract with you
  • Compliance with legal obligations
  • Legitimate interests, balanced with your rights and freedoms

International Transfers

Your data may be transferred to and processed in Australia and other countries. We ensure appropriate safeguards are in place, including contractual protections that meet LGPD requirements.

13. Data Protection Officer

Party Onbici has appointed a Data Protection Officer (DPO) / Encarregado to oversee our compliance with data protection regulations including GDPR, LGPD, and CCPA.

DPO Contact Information

DPO Responsibilities

Our Data Protection Officer is responsible for:

  • Monitoring compliance with data protection laws and policies
  • Advising on data protection impact assessments
  • Acting as the point of contact for data subjects and supervisory authorities
  • Handling data subject requests (access, deletion, portability)
  • Coordinating breach notification procedures

Response Times

We aim to respond to all data protection inquiries within:

  • GDPR requests: Within 30 days
  • CCPA requests: Within 45 days
  • LGPD requests: Within 15 days

14. Data Breach Notification Procedure

Party Onbici maintains a comprehensive data breach response procedure to comply with GDPR (Article 33/34), LGPD (Article 48), and other applicable regulations.

72-Hour Notification Commitment

What Constitutes a Data Breach?

A personal data breach is a security incident that leads to the accidental or unlawful:

  • Destruction of personal data
  • Loss of personal data
  • Alteration of personal data
  • Unauthorized disclosure of personal data
  • Unauthorized access to personal data

Our Breach Response Process

Timeline Action
0-24 hours Breach detection, containment, and initial assessment of scope and severity
24-48 hours Risk assessment, evidence preservation, and preparation of notification
48-72 hours Notification to supervisory authorities (GDPR: relevant EU DPA, LGPD: ANPD)
As soon as feasible Direct notification to affected individuals if high risk to rights and freedoms

Notification Content

Our breach notifications will include:

  • Nature of the breach and categories of data affected
  • Approximate number of individuals affected
  • Name and contact details of our Data Protection Officer
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Recommendations for affected individuals to protect themselves

Regional Supervisory Authorities

Region Authority Notification Deadline
🇪🇺 EU (GDPR) Lead Supervisory Authority (Italy: Garante per la protezione dei dati personali) 72 hours
🇧🇷 Brazil (LGPD) ANPD - Autoridade Nacional de Proteção de Dados 72 hours (reasonable timeframe)
🇦🇺 Australia (Privacy Act) OAIC - Office of the Australian Information Commissioner As soon as practicable (within 30 days)
🇺🇸 California (CCPA/CPRA) California Attorney General Expedient notification to affected consumers

How We Protect Against Breaches

  • Encryption of all personal data at rest and in transit
  • Regular security audits and penetration testing
  • Multi-factor authentication for all staff access
  • Automated threat detection and monitoring (Datadog, AWS GuardDuty)
  • Regular security training for all employees
  • Data minimization - we only collect what we need

Report a Security Concern

If you believe you have discovered a security vulnerability or potential data breach, please report it immediately to:

15. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention Periods

Data Type Retention Period
Account data (name, email, profile) Until you delete your account
Ride history and routes Anonymized after account deletion for analytics
Synchronized ride data (mobile app) 90 days, or until you request deletion
Device identifiers (mobile app) Until you delete app data or 1 year of inactivity
Push notification tokens Until you disable notifications or uninstall the app
Party participation records Retained for 2 years after the party date
Server log files (IP addresses, requests) 90 days
Error logs and crash reports 30 days
Backup data 30 days after deletion
Consent records (for compliance) 7 years
Payment/transaction records 7 years (legal requirement)

After Retention Period

When the retention period expires, your data will be:

  • Permanently deleted, or
  • Anonymized (aggregated with other data so it cannot be used to identify you)

Early Deletion

You can request early deletion of your data at any time by:

  • Using the account deletion feature in your profile settings
  • Contacting our Data Protection Officer at dpo@partyonbici.com

Note: Some data may be retained longer if required by law or for legitimate business purposes.

16. Changes to this Privacy Policy

From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the Australian Privacy Principles.

We may notify you about changes to this Privacy Policy by posting an updated version on this site.

If you require any further information about the Privacy Act and the Australian Privacy Principles, you can visit the Federal Privacy Commissioner's website (see www.privacy.gov.au).