Privacy Policy

1. Controller responsible for the data processing

The controller responsible for the data processing within the meaning of Article 13 (1) a) of the General Data Protection Regulation (GDPR) is:

Bike24 Holding AG
Breitscheidstr. 40
01237 Dresden Germany
Tel.: 0351/417497-50
Fax.: 0351/417497-79
E-mail: datenschutz@bike24.net

If you wish to contact our data protection officer, please use the following contact details:

Breitscheidstr. 40
01237 Dresden
Germany
E-mail: datenschutz@bike24.net

2. Data processing

2.1. Personal data

Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. Personal data includes, for example, name, address, telephone number, email address.

2.2. Logfiles

When you visit this website, your Internet browser will send usage data to our servers. Usage data is logged in so-called log files by our servers. In this respect, the following will be stored: the data and time, the type of request, the log type and access status, the size and name of the file, the IP address from which the request originated, the referrer URL (information on the website from which you have arrived at our website), information on the Internet browser used (e.g. which browser is used, the version number of this browser and the type of encryption). We use log files to monitor the functionality and performance of our website and to further develop and improve this website. As a result, any malfunctioning, for example, will be recorded and subsequently remedied by us. Furthermore, the storage of data in log files takes place for security reasons to ensure secure operation of our system. Article 6 (1), f) GDPR is the legal basis for this data processing. The essential justified interest lies in securing the functionality of the website and ensuring secure operation of our servers. The users' IP addresses will be deleted or anonymised after a maximum of 10 days.

2.3. Contact by e-mail or fax message

If you contact us by e-mail or fax, you also send us personal data in addition to the actual message. This is in any case your e-mail address and the further personal data transmitted to us about you by e- mail or fax, such as your name and contact details as well as the contents of the e-mails or fax messages. The provision of a valid e-mail address or a valid fax number as well as your name is necessary in order to identify you as the questioner and to be able to answer your enquiry.

We process and store this data for the purpose of responding to your enquiry. The legal basis for this data processing is Art. 6 (1) f) GDPR. In this respect, our legitimate interest is to properly process and respond to your enquiries. The personal data collected by us for the purpose of processing and answering your enquiry will be deleted after we have answered your enquiry. Any further storage of your personal data will only take place in accordance with Art. 6 (1) c) GDPR and Art. 17 (2) GDPR insofar as we are legally obliged to do so due to storage and documentation obligations.

3. Cookies

3.1. What are cookies?

"Cookies" are small text files that are stored on your data carrier and contain certain settings and data. We only use technically essential cookies for this website.

3.2. Technically essential cookies

Technically essential cookies are cookies that are absolutely necessary for the use of the website and for whose use an essential justified interest exists. The legal basis for the use of technically essential cookies is Art. 6 (1) f) GDPR. The essential justified interest lies in securing the functionality of the website. We use the following technically essential cookies:

3.3. Technically essential cookies from third-party providers

If you want to play YouTube videos embedded on this website, cookies are also set. The cookies are not initially set when you call up the respective page. They are only set as a result of an action by you, e.g. when you play an embedded YouTube video.

8. Cloudflare

We use the Cloudflare application from Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107 USA on this website to make our website faster and more secure. Cloudflare offers a worldwide distributed content delivery network with DNS. Cloudflare creates copies of our website and places them on their own servers. This ensures that when you visit our website, it is delivered from the server that can display our website the fastest. Cloudflare simultaneously blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources or try to attack our systems in other ways.

In order to provide this service, the entire data transfer between your browser and our websites flows through the infrastructure of Cloudflare. Cloudflare delivers the content of our website and analyzes the data stream to fend off attacks.

For this purpose Cloudflare receives information about IP addresses and DNS protocol data. For additional security reasons Cloudflare also uses a cookie. The cookie is absolutely necessary for Cloudflare's security functions and cannot be deactivated.

Guaranteeing the security and availability of our website represents a legitimate interest on our part in accordance with Article 6 (1), f) GDPR. Regarding the passing on of data, we have concluded a corresponding agreement with Cloudflare for contractually agreed upon data processing according to Article 28 GDPR.

Under normal circumstances Cloudflare stores your data for up to seven days. However, if your IP address triggers a security warning at Cloudflare, exceptions to the above mentioned storage period may occur.

Since Cloudflare stores personal data on servers in the USA as well as in the European economic area, we have also concluded EU standard contract clauses with Cloudflare regarding the transfer of personal data to the USA. A resolution by the European Commission on the adequacy of data protection levels in the USA is currently not available. You can request a copy of the EU standard contract clauses from us. Cloudflare only receives anonymized data with the IP address. This is an additional protective measure in the event of access to your data by security services based in the USA.

6. Your rights as a user

Below, we would like to summarise for you your rights under the General Data Protection Regulation.

6.1. Right of access (Article 15 GDPR)

Under Article 15 GDPR, you have the right to demand from us confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and the following information:

• the purposes for which we process this data;
• the categories of personal data processed by us;
• to whom this personal data has been disclosed, or is yet to be disclosed, particularly in the case of disclosure to recipients in third countries or at international organisations;
• if possible, the envisaged period of storage of the personal data, or, if this is not possible, the criteria used to determine this period;
• the existence of a right to rectification or erasure of the personal data concerning you, or a right to restriction of processing by us, or a right to object to processing by us;
• the existence of a right to lodge a complaint with a supervisory authority;
• in cases where the personal data is not collected from you, all available information concerning the origin of the data;
• whether automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR, takes place, and, if so, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
• If personal data is transferred to a third country or to an international organisation, you will have the right to be informed of what suitable safeguards have been put in place to ensure that these recipients also comply with the provisions of the GDPR.

6.2. Right to rectification (Article 16 GDPR)

You may demand that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will, additionally, have the right to demand that incomplete personal data be completed, also by means of a supplementary statement.

6.3. Right to erasure or "right to be forgotten" (Article 17 GDPR)

You have the right that we erase data without delay if one of the following grounds applies:

• The data is no longer needed for the purposes for which it was collected or otherwise processed.
• You revoke your consent on which the processing was based, and there is no other legal basis for the processing.
• In accordance with Article 21 (1) GDPR, you lodge an objection to the processing for reasons ensuing from your particular situation, and there are no overriding legitimate reasons for the processing.
• In accordance with Article 21 (2) GDPR, you lodge an objection to processing for direct marketing purposes.
• The data has been unlawfully processed.
• It is necessary to erase the data in order to fulfil a legal obligation under European or German law.
• The data has been collected in relation to an offer of information society services in accordance with Article 8 (1) GDPR.

If we have made your data public and are obliged to erase it, we shall, with due regard being given to the available technology and the implementation costs, take appropriate measures to inform the controllers that you have requested the erasure of your data.

6.4. Right to restriction of processing (Article 18 GDPR)

According to Article 18 GDPR, we must restrict the processing of your data in the following cases, namely if:

• you dispute the accuracy of your data, in which case the processing will be restricted until we have been able to check the accuracy;
• the processing is unlawful, and you decline to have your data erased and demand instead that use of your personal data be restricted;
• we no longer need the data for the purposes of the processing, but you need this data for asserting, exercising or defending legal claims, or have made your data public and are obliged to erase it, we shall, with due regard being given to
• you lodge, in accordance with Article 21 (1) GDPR, an objection to the processing for reasons ensuing from your particular situation, as long as it has not yet been established whether the legitimate reasons for the processing by us outweigh your interests.

If processing is restricted, we shall merely be permitted to store this data. Any processing beyond this will then be permissible only with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of an important public interest of the Union or a Member State.

You may at any time revoke your consent given in this connection. You will be notified by us before the restriction is lifted.

6.5. Notification obligation (Article 19 GDPR)

All recipients to whom your data has been disclosed must be informed by us of any rectification or erasure of your data, or of any restriction of processing. This will be inapplicable only insofar as this proves to be impossible or is associated with disproportionate expense. We shall inform you of these recipients if you so request.

6.6. Right to data portability (Article 20 GDPR)

You have the right to receive in a structured, commonly used and machine-readable format the data concerning you that has been provided to us. Additionally, you have the right that we transfer this data to a third party insofar as

• the processing of the data is based on your consent or on a contract, and
• the processing takes place by automated means.

In this respect, you may demand that we transfer your data directly to such third party insofar as this is technically feasible. This right must not impair the rights and freedoms of other persons.

6.7. Right to object (Article 21 GDPR)

If we process your data on the basis of a legitimate interest (Article 6 (1) f GDPR), you will have the right to lodge an objection thereto if the grounds for this ensue from your particular situation. This also applies to any profiling based on these provisions. In this case, we shall no longer process your data, unless we can prove that the reasons for the processing are compelling and worthy of protection. This must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

Insofar as we process your data in order to engage in direct marketing, you may lodge an objection to the processing of your data. This also applies to profiling insofar as profiling is related to such direct marketing.

Following your objection, your data will no longer be processed for these purposes. To lodge an objection, merely send a corresponding informal notification using the contact details given in Section 1.

6.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the data concerning you breaches the General Data Protection Regulation. Further legal remedies under administrative law, or judicial remedies, to which you may possibly be entitled will remain unaffected hereby.