The protection of your personal data is an important concern for us. When processing this data, Bike24 will strictly observe the applicable provisions of data protection law in the European Union, and of data protection law in the Federal Republic of Germany.
By means of this Data Privacy Statement, we are informing you of what data we collect on our websites, for what purposes we process this data, and to which recipients we may possibly transfer this data, and of the legal bases for the data processing, the period for which the data will be stored, the controllers responsible for the processing, as well as your rights.
1. Controller responsible for the data processing
The controller responsible for the data processing within the meaning of Article 13 (1) a) of the General Data Protection Regulation (GDPR) is:
Email: datenschutz at bike24.net
If you wish to contact our data protection officer, please use the following contact details:
Email: datenschutz at bike24.net
2. Specific details relating to the data processing
2.1. Personal data
Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. Personal data includes, for example, name, address, telephone number, email address, bank account details, credit card number.
2.2. Data processing for the performance of a contract
If you place an order with Bike24, we shall need personal data for the purposes of processing the purchase, including shipping the goods that you have ordered, handling returns or dealing with complaints. Specifically, we shall need details relating to your name, postal address, email address and, if applicable, essential payment details. It is essential that you provide your email address so that we can send you confirmation of receipt of your order, notify you of the shipment of your goods and/or contact you. Therefore, this data processing will take place for the purpose of performing the contract.
Even before a contract is concluded, you may have already contacted Bike24 and, for example, sent us an email enquiry requesting our advice. In this case, the data received from you, such as your email address and possibly your name, will be processed by us for the purpose of carrying out precontractual measures.
Article 6 (1) b) GDPR is the legal basis for data processing for the purpose of performing a contract or for carrying out precontractual measures as a result of an enquiry from the data subject.
For handling your order, Bike24 will pass on personal data to service partners such as payment service providers (including, but not limited to, banks, Paypal, Amazon Pay, credit card companies) and shipping service providers (including, but not limited to, DHL, DPD, Hermes, forwarders), insofar as this is necessary for the performance of your contract. It is also possible that your personal data will be passed on to a supplier delivering the goods directly to you. The recipient must use the transferred data only for the performance of its task. Any use beyond this is not permitted.
Personal data processed for the performance of the contract will be stored by us for the statutory period of limitation.
The data necessary under commercial law or fiscal law will be stored by us for the retention periods prescribed by law under Section 257 HGB [German Commercial Code] and Section 147 AO [Tax Code], generally for a period of 10 years.
Personal data processed for carrying out precontractual measures will be erased within 12 months if no contract is concluded.
You can subscribe to the Bike24 newsletter in the course of the ordering process or separately via our shop website. In any event, we shall use the double opt-in procedure. This means that you will receive from us an email with a link via which you, as the owner of the email address, can confirm your subscription to the newsletter. Only after you have given this confirmation will you be subscribed to the newsletter. Subscribe to the Bike24 newsletter.
Following registration, Bike24 will use your submitted data for marketing purposes. We shall then regularly inform you of, for example, new products, activities or sales campaigns.
We store your e-mail address and the language in which you are using the Bike24 webshop.
Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent.
In addition, we store the data of the application under the double opt-in procedure. Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in proving an existing consent.
The dispatch of the newsletter as well as the storage and administration of the mentioned data will be carried out by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This provider is undertaking a contractually agreed processing of data within the meaning of Article 28 of the GDPR.
Apart from transfering the mentioned data to CleverReach no other data transfer takes place to third parties.
You may revoke your consent at any time with effect for the future. Each newsletter will contain an unsubscribe link. If you use that link, the unsubscribe of your e-mail adress will be executed immediately. Apart from that you can revoke your consent at any time by sending an e-mail to datenschutz at bike24.net.
For reasons of proof and for defence against legal claims the dataset concerning your e-mail address can be stored for up to 3 years after you have unsubscribed. The dataset in question will then be deleted automatically. Article 6 (1) f) GDPR is the legal basis for this data processing.
2.5. Customer account
You have the possibility of creating a Bike24 customer account. This password-protected, personal access offers you a series of useful features, including, but not limited to, viewing of the orders that you have placed in the preceding 2 years, displaying and downloading of your invoices, management of personal customer data, addition and editing of different delivery addresses, saving of a standard payment method and creation of a personal reminder note and/or wish list.
Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent. The data submitted to the customer account will be stored as long as your consent exists. You may revoke this consent at any time with effect for the future. An informal notification using the contact details stated under Section 1 will suffice for this. If your consent is revoked, your customer account, including the data submitted to it, will be deleted.
3.1. What are cookies?
3.2. Personal cookie settings
Technically essential cookies are always enabled. These cookies cannot be deactivated. You are free to decide whether you want to allow comfort cookies or marketing and statistics cookies. The use of these cookie types is only permitted with your express consent. We offer you an overview in which you can make your personal selection for each tool. You must actively consent to the use of these cookie types in order to activate these cookies. There is also the possibility to agree to the use of all cookies with one click.
You can access your personal cookie settings at any time via the footer link „cookie settings“. You can make an individual selection at any time and revoke your consent with effect for the future.
Your personal cookie settings are stored with a cookie on your data carrier. If you do not delete the cookies, you will not be asked again on your next visits to our shop.
3.3. Technically essential cookies
Technically essential cookies are cookies that are absolutely necessary for the use of the website and for whose use an essential justified interest exists. We use the following technically essential cookies:
|Cookie name||Purpose or function||Validity period|
|ID||This cookie contains the session ID. This ID is necessary in order to be able to link a user's actions over multiple website visits. This is necessary in order to be able to, for example, link to a specific user the current shopping basket or a current log-in over multiple website visits.||as long as the browser window is open|
|CookieConsent||This cookie contains your personal cookie settings, which you have defined and saved in our cookie consent tool.||1 year from the date of the last cookie settings saving|
|BlackDealsPopUp||The cookie contains your individual decision to close an advertising banner prominently displayed in the shop for one of our campaigns. The cookie prevents further insertions of this advertising banner for the period of its validity in order to exclude any nuisance from advertising within the meaning of Section 7 (1) UWG (Law against Unfair Competition).||24 hours from your action|
|__cfduid||The cookie is absolutely necessary for Cloudflare's security functions and cannot be deactivated. You can find more information on Cloudflare under Section 8.||1 month from your last visit|
3.4. Comfort cookies
Comfort cookies are cookies that make the use of the shop more pleasant and comfortable, e.g. by additional functions in the shop. We only use comfort cookies if you have given your consent. The web shop can also be used without these comfort cookies. However, the user experience can be significantly worse.
|Cookie name||Purpose or function||Validity period|
|BasketStore||This cookie contains the current shopping cart ID and, if applicable, the assignment of this ID to a user login. The shopping cart ID enables the saving of the shopping cart beyond the actual browser session. The shopping cart data can thus be restored even weeks or months after the last visit to the site.||1 year from the date of the last change to the shopping cart|
The shopping cart cookie ensures that the shopping cart data is saved even after the end of a session. If you close the browser window and, for example, want to continue shopping the next day, the data of the shopping cart is still available.
If you do not allow this cookie to be set, your shopping cart will be empty after closing the browser window. The entire shopping cart data will be lost.
3.5. Marketing and statistics cookies
We use web analysis tools to generate data about the use of our websites in order to improve our shop in a targeted manner and ultimately to achieve a better user experience. We use the web analysis tools Google Analytics and Google Tag Manager from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. In connection with these tools, we also use tracking tools from trbo GmbH, Römerstr. 6, 80801 Munich, Germany. The aforementioned tools also set cookies, provided you have given your express consent in advance as the legal basis for their use by us.
3.6. Technically essential cookies from third-party providers
If you select certain payment methods such as Amazon Pay or Paypal, cookies enabling payment using the respective payment method will be placed.
If we integrate elements of "Facelift Cloud" such as competitions or an advent calendar into our website and you call this page with your browser, a cookie is set by "Facelift Cloud" to identify and prevent attacks against the server infrastructure of "Facelift Cloud". You can find more information on "Facelift Cloud" under Section 9.
If you wish to play YouTube videos integrated into Bike24, cookies will likewise be placed.
In all these cases, cookies are not initially set when the respective page is called up. Cookies are only set as a result of an action by you, e.g. when you select the payment method Paypal active or when you play an embedded YouTube video.
Article 6 (1) f) GDPR is the legal basis for the use of technically essential cookies. The essential justified interest lies in securing the functionality of the Bike24 shop.
Article 6 (1) a) GDPR is the legal basis for the use of comfort cookies (nr. 3.4.) and marketing and statistics cookies (nr. 3.5.). You have given your explicit consent by unsing our cookie consent tool. More about the cookie consent tool and personal cookie settings can be found under nr. 3.2.
3.8. Revocation of consent and deletion of cookies
You can use the cookie consent tool for this purpose. your personal cookie settings can be accessed at any time via the footer link „cookie settings“. You can save a selection without comfort cookies and marketing and statistics cookies.
You can also delete all existing cookies in your browser settings. The next time you visit the Bike24 website you will be asked to make a new decision about your personal cookie settings using our cookie consent tool.
4. Google Analytics and Google Tag Manager
Bike24 uses Google Analytics and Google Tag Manager, web analysis services from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses tracking cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
If IP anonymisation has been activated on this website, Google will however, within Member States of the European Union or the European Economic Area, truncate your IP address beforehand. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and be truncated there. IP anonymisation is active on this website. Google will, on behalf of the operator of this website, use this information to evaluate your usage of the website, put together reports on website activities and provide the website operator with other services relating to website and Internet usage.
The IP address transmitted by your browser within the framework of Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that you may then possibly be unable to fully use all features of this website. By downloading and installing the browser plugin available at the following link, you can, furthermore, prevent data (including your IP address) generated by such cookie relating to your use of the website from being collected and transmitted to Google and being processed by Google: browser add-on for deactivating Google Analytics.
Bike24 uses Google Analytics with the setting "anonymizeIP". As a result, IP addresses are further processed by Google Analytics only in truncated form in order to rule out the possibility of persons being directly individualised.
In connection with the use of Google Analytics and Google Tag Manager, we also use tracking tools from trbo GmbH, Römerstr. 6, 80801 Munich, Germany. These help us to understand which pages are particularly attractive to users of our services, which products interest our customers most and which individual offers we should make to our website users in each case. The data collected and used in this context is always stored only under a pseudonym (e.g. a random identification number) and is not combined with other personal data about you (e.g. name, address, etc.). Cookies and web beacons are used for this purpose, which collect the following data: which pages are visited when, how often and in what order, which products are searched for, which links or offers are clicked on and which orders are placed. If you revoke your previously given consent for the use of Google Analytics and Google Tag Manager, the use of the tracking tools of trbo GmbH will also be terminated.
5. Google reCAPTCHA
Bike24 uses the service "Google reCAPTCHA" on this website. Provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. We use Google reCAPTCHA to prevent misuse through automated data entry. This applies in particular to pages on which users enter certain form data and transmit it to our servers. Google reCAPTCHA makes it possible to distinguish between data input by humans and automatic data input.
The service analyses the behaviour of the user on the website in the background. Google reCAPTCHA uses certain characteristics to determine whether the website is naturally operated. Google reCAPTCHA transmits your IP address and possibly other data (e.g. about the device you are using) to Google.
Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in in the prevention of abuse and/or spying on our web page as well as in the prevention of SPAM.
You can find more information about Google reCAPTCHA and Google's privacy statement at: https://www.google.com/intl/en/policies/privacy/
6. Log files
When you visit the Bike24 website, your Internet browser will send usage data to our servers. Usage data is logged in so-called log files by our servers. In this respect, the following will be stored: the data and time, the type of request, the log type and access status, the size and name of the file, the IP address from which the request originated, the referrer URL (information on the website from which you have arrived at our website), information on the Internet browser used (e.g. which browser is used, the version number of this browser and the type of encryption).
We use log files to monitor the functionality and performance of our shop and to further develop and improve the Bike24 shop. As a result, any malfunctioning of the shop, for example, will be recorded and subsequently remedied by us. Furthermore, the storage of data in log files takes place for security reasons to ensure secure operation of our system.
Article 6 (1), f) GDPR is the legal basis for this data processing. The essential justified interest lies in securing the functionality of the shop and ensuring secure operation of our shop servers. The users' IP addresses will be deleted or anonymised after a maximum of 10 days.
7. Content Delivery Network (CDN)
Bike24 uses the service provider CDN77, DataCamp Ltd, London, which will, on our behalf, deliver certain content from the Bike24 shop website to you or your browser. This content includes, but is not limited to, product images. On the one hand, this service provider enables, by means of its infrastructure, speedy delivery of this data to you. In parallel, the service provider will deliver the data from a server situated as physically close to you as possible. Both these services will minimise loading times and improve the user experience for you.
The CDN service provider will necessarily receive your IP address.
Generally, no log data will be recorded. Only in the case of faults log data will be recorded by the CDN service provider for fault analysis. In this respect, the IP address will be stored only in anonymised form; the log file will be deleted after a maximum of 10 days.
Article 6 (1), f) GDPR is the legal basis for this data processing.
We use the Cloudflare application from Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107 USA on this website to make our website faster and more secure. Cloudflare offers a worldwide distributed content delivery network with DNS. Cloudflare creates copies of our website and places them on their own servers. This ensures that when you visit our website, it is delivered from the server that can display our website the fastest. Cloudflare simultaneously blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources or try to attack our systems in other ways.
In order to provide this service, the entire data transfer between your browser and our websites flows through the infrastructure of Cloudflare. Cloudflare delivers the content of our website and analyzes the data stream to fend off attacks.
For this purpose Cloudflare receives information about IP addresses and DNS protocol data. For additional security reasons Cloudflare also uses a cookie. The cookie is absolutely necessary for Cloudflare's security functions and cannot be deactivated.
Guaranteeing the security and availability of our website represents a legitimate interest on our part in accordance with Article 6 (1), f) GDPR. Regarding the passing on of data, we have concluded a corresponding agreement with Cloudflare for contractually agreed upon data processing according to Article 28 GDPR.
Under normal circumstances Cloudflare stores your data for up to seven days. However, if your IP address triggers a security warning at Cloudflare, exceptions to the above mentioned storage period may occur.
Since Cloudflare stores personal data on servers in the USA as well as in the European economic area, we have also concluded EU standard contract clauses with Cloudflare regarding the transfer of personal data to the USA. A resolution by the European Commission on the adequacy of data protection levels in the USA is currently not available. You can request a copy of the EU standard contract clauses from us. Cloudflare only receives anonymized data with the IP address. This is an additional protective measure in the event of access to your data by security services based in the USA.
9. Facelift Cloud
We use the "Facelift Cloud" service to coordinate our marketing activities, to carry out certain online marketing campaigns such as competitions or our Advent calendar and for the integrated control and administration of our social media activities. "Facelift Cloud" is a service of "Facelift brand building technologies GmbH (Facelift bbt), Gerhofstr. 19, 20354 Hamburg, Germany". This provider is undertaking a contractually agreed processing of data. Facelift bbt is contractually obliged to ensure the protection of your data by suitable technical and organisational measures. The legal basis for contractually agreed processing of data is Article 28 of the GDPR.
If we implement competitions or the Advent calendar on our website with "Facelift Cloud" and you call up the relevant page of the Bike24 shop, the modules of "Facelift Cloud" collect data on the device you are using and on the browser you are using. The data collected includes the type of device, operating system, browser and browser version, local time of access, language used, screen resolution and browser plug-ins used. This data is processed to ensure the functionality and performance of Facelift Cloud services on as many devices as possible. In addition, the IP address from which you visit the site is stored to prevent misuse of the service. The IP address is stored anonymously and only temporarily. In general, the above data is stored exclusively on servers based in Germany. In addition, "Facelift Cloud" sets a cookie to identify and prevent attacks against the server infrastructure of "Facelift Cloud". The legal basis for the aforementioned data processing is Article 6 (1) f) GDPR.
10. Social Media
On the Bike24 website you will find links to social media platforms from Facebook, Youtube, Instagram and Twitter where Bike24 is represented and offers content. These are static links. Bike24 does not use social media plugins.
Bike24 is represented in social media in order to get in touch with our customers, interested parties and other users and to inform them about products, events or competitions. We would like to point out that personal data is collected and processed by the respective provider when you visit the corresponding pages. The legal basis for the processing of users' personal data is Art. 6 (1), f) GDPR. The essential justified interest of Bike24 lies in the optimal design and improvement of the company presentation.
If you use our offers in the respective social network as a logged-in member, your consent to data processing pursuant to Art. 6 (1), a) GDPR is given to the social media platform. In order to understand and improve our activities, we use corresponding evaluations in the form of statistics provided by the respective provider.
Bike24 uses the technical platform of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the aforementioned information service.
Please note that you are responsible for using this Facebook page and its functions. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When you visit our Facebook page, Facebook collects your IP address, among other data. This and other information is used to provide us, as the operator of the Facebook pages, with statistical data about the use of our Facebook page. Facebook provides further information on this under the following link:
The data collected about you will be stored and processed by Facebook Ltd. outside the European Union if necessary. We cannot provide any information about whether and how Facebook uses visitor data from our Facebook page for its own purposes. Nor do we have any information as to whether your data is passed on to third parties, combined with data from other Facebook offers, how long Facebook stores data and whether page visits are assigned to individual users. You can read about what information Facebook actually receives and how Facebook uses it in Facebook's data usage guidelines. In the data usage guidelines you will also find further contact options for Facebook as well as setting options for advertisements. The Data Usage Guidelines can be found here:
The complete Facebook data guidelines can be found here:
Bike24 itself does not collect and process any further data from your direct use of Facebook. Data processing is only possible for sweepstakes or competitions. In these cases, we use contact data, for example, to contact winners of our raffles. Bike24 uses the software Facebook Insights for a general evaluation of the Facebook page. Here we are provided with anonymous data from Facebook that does not allow any conclusions to be drawn about individual users. As already mentioned, we use this statistical data from Facebook Insights to design and improve our Facebook offering accordingly.
According to Facebook, Facebook stores your IP address when you visit our Facebook page. According to Facebook, this is anonymized and deleted after a storage period of 90 days (German IP addresses). In addition, Facebook stores information about the end devices that you use for the visit. By assigning IP addresses, individual users may be identified.
Facebook stores cookies with your Facebook ID on your device when you are logged in to Facebook. This cookie enables Facebook to track your page views within Facebook. This applies to the Facebook page of Bike24 and also to Facebook pages of other providers. If you use a Facebook button embedded in a website, Facebook may associate that use with your profile. This makes it possible for Facebook to offer you advertising that results from your user behavior.
You can avoid this by logging out of Facebook before visiting the Bike24 Facebook page and disabling the "Stay signed in" feature. In addition, you must delete all cookies from your device and restart your browser. You can then use our Facebook page without having your Facebook ID processed.
If you want to use functions on Facebook to interact with us (like, comment, share, news, etc.) you will be shown a login screen. This form of interaction is only possible for registered Facebook members. However, as soon as you are logged in again, you will be recognizable as a user for Facebook again. Further information on the Facebook data policy can be found under the following link:
Bike24 uses the technical platform and services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA for the short message service offered here.
Please note that you are responsible for using Twitter and its functions. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
If you use Twitter, your data will be stored and processed outside the European Union. The data that may be transmitted includes your IP address, the application you are using, and information about the device you are using. It may also include information about your location and the websites you visit.
Twitter links this collected data to your Twitter account and may be able to create a behavioural profile. Bike24 cannot influence the nature and extent of the data collected by Twitter. We also have no control over whether Twitter passes on your data to third parties or for what purposes Twitter uses the stored data.
Under the following link you will find information about which data Twitter collects and processes according to its own statement:
If you have a Twitter account and would like to view information about the data you have stored on Twitter, you can do so at the following link:
You can also use the Twitter data protection form to send your questions about data protection directly to Twitter. You can also download your Twitter archive:
Bike24 itself does not collect and process any other personal data from your direct use of Twitter. We use Twitter Analytics for a statistical evaluation of our activities on Twitter. This function enables us to optimally design our presence on Twitter and does not allow any conclusions to be drawn about the data of individual users.
In the settings of your Twitter account you have the option to restrict the processing of your data by Twitter ("Privacy and Security"). Here you also have the option of restricting Twitter access to your contact and calendar data, photos and location data on your end device. You can find information about this on Twitter under the following links:
Bike24 nutzt für den genannten Dienst die technische Plattform von Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland bzw. Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). Instagram speichert personenbezogene Daten von Ihnen, wenn Sie diese Seite besuchen.
By processing information, Facebook is able to distribute advertising for its users via its own network. The data processing by Facebook also enables Bike24 to use statistics provided by Facebook. In this way, Bike24 can optimally design its own content and better reach its users. Parts of these statistics contain demographic and geographical information. However, Bike24 has no influence on the underlying data. These data are not known to us in their entirety.
It is likely that the data collected about you by Facebook Ltd. will be stored and processed outside the European Union.
As a user of Instagram, you can influence the storage of data and the recording of user behavior through Instagram in your profile settings by making the appropriate settings.
Instagram users can use the Advertising Preference settings to control the extent to which their user behavior is captured when they visit our Instagram page.
For more information, see the Facebook and Instagram settings:
or the form to the right of objection under:
If you want to avoid cookies being placed by Facebook and prevent the associated processing of your data, set your browser so that no third-party cookies or Facebook cookies are allowed.
On the Bike24 website, videos of selected articles and brand shops of the corresponding brands are displayed, for example. The videos are made available on the video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, (YouTube) by the brands. In addition, Bike24 maintains its own Youtube channel.
YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".
Videos are used by Bike24 exclusively within the "Extended Privacy Mode". According to Youtube, this function only transmits user data to Youtube when a video is actually started.
If you start a video as a logged in Youtube member, the call of the video will be associated with your YouTube account. You can prevent this information from being linked if you log out of your YouTube customer account before visiting our website. Alternatively, you can make the necessary settings in your YouTube account.
Youtube stores permanent cookies on your end device in order to guarantee functionality and to analyse user behaviour. You can prevent the storage of cookies on your terminal device by making the appropriate settings in your browser.
Under the following link you will find further information on data collection by Google and on your rights against Google:
https://policies.google.com/privacy data protection information.
10.5. Further information
If you wish to assert your rights of data subjects against the social media platforms mentioned above, it is ideal to contact the respective platform directly with your request for information. Even if a joint responsibility arises from the cooperation between Bike24 and the individual platforms, the platforms alone have the opportunity to provide you with full information about the data stored by you there. However, should our support be necessary, you can contact us at any time.
If you have any questions regarding data protection, please contact our data protection officer at datenschutz at bike24.net.
If you have any questions about a current order or need advice on a product, please contact our competent service team exclusively. Information for contacting us can be found here:
For data protection reasons, we do not make our customer service available via "social media platforms".
11. Your rights as a user
Below, we would like to summarise for you your rights under the General Data Protection Regulation.
11.1. Right to revoke your declaration of consent under data protection law (Article 7 (3) GDPR)
You have the right time to revoke your consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation. Before you give your consent, you will be informed hereof.
11.2. Right of access (Article 15 GDPR)
Under Article 15 GDPR, you have the right to demand from us confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and the following information:
- the purposes for which we process this data;
- the categories of personal data processed by us;
- to whom this personal data has been disclosed, or is yet to be disclosed, particularly in the case of disclosure to recipients in third countries or at international organisations;
- if possible, the envisaged period of storage of the personal data, or, if this is not possible, the criteria used to determine this period;
- the existence of a right to rectification or erasure of the personal data concerning you, or a right to restriction of processing by us, or a right to object to processing by us;
- the existence of a right to lodge a complaint with a supervisory authority;
- in cases where the personal data is not collected from you, all available information concerning the origin of the data;
- whether automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR, takes place, and, if so, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
- If personal data is transferred to a third country or to an international organisation, you will have the right to be informed of what suitable safeguards have been put in place to ensure that these recipients also comply with the provisions of the GDPR.
11.3. Right to rectification (Article 16 GDPR)
You may demand that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will, additionally, have the right to demand that incomplete personal data be completed, also by means of a supplementary statement.
11.4. Right to erasure or "right to be forgotten" (Article 17 GDPR)
You have the right that we erase data without delay if one of the following grounds applies:
- The data is no longer needed for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based, and there is no other legal basis for the processing.
- In accordance with Article 21 (1) GDPR, you lodge an objection to the processing for reasons ensuing from your particular situation, and there are no overriding legitimate reasons for the processing.
- In accordance with Article 21 (2) GDPR, you lodge an objection to processing for direct marketing purposes.
- The data has been unlawfully processed.
- It is necessary to erase the data in order to fulfil a legal obligation under European or German law.
- The data has been collected in relation to an offer of information society services in accordance with Article 8 (1) GDPR.
If we have made your data public and are obliged to erase it, we shall, with due regard being given to the available technology and the implementation costs, take appropriate measures to inform the controllers that you have requested the erasure of your data.
11.5. Right to restriction of processing (Article 18 GDPR)
According to Article 18 GDPR, we must restrict the processing of your data in the following cases, namely if:
- you dispute the accuracy of your data, in which case the processing will be restricted until we have been able to check the accuracy;
- the processing is unlawful, and you decline to have your data erased and demand instead that use of your personal data be restricted;
- we no longer need the data for the purposes of the processing, but you need this data for asserting, exercising or defending legal claims, or
- you lodge, in accordance with Article 21 (1) GDPR, an objection to the processing for reasons ensuing from your particular situation, as long as it has not yet been established whether the legitimate reasons for the processing by us outweigh your interests.
If processing is restricted, we shall merely be permitted to store this data. Any processing beyond this will then be permissible only with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of an important public interest of the Union or a Member State.
You may at any time revoke your consent given in this connection.
You will be notified by us before the restriction is lifted.
11.6. Notification obligation (Article 19 GDPR)
All recipients to whom your data has been disclosed must be informed by us of any rectification or erasure of your data, or of any restriction of processing. This will be inapplicable only insofar as this proves to be impossible or is associated with disproportionate expense. We shall inform you of these recipients if you so request.
11.7. Right to data portability (Article 20 GDPR)
You have the right to receive in a structured, commonly used and machine-readable format the data concerning you that has been provided to us. Additionally, you have the right that we transfer this data to a third party insofar as
- the processing of the data is based on your consent or on a contract, and
- the processing takes place by automated means.
In this respect, you may demand that we transfer your data directly to such third party insofar as this is technically feasible. This right must not impair the rights and freedoms of other persons.
11.8. Automated decision-making in individual cases, including profiling (Article 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or that impairs you in a similar manner. This will not apply if:
- you have given your express prior consent thereto, or
- the decision is necessary for the conclusion or performance of a contract between us, or
- applicable legal provisions permit this, and these provisions contain appropriate measures for protecting your rights and freedoms as well as your legitimate interests.
In the first two cases, we shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests. This includes your right to state your own point of view, your right to challenge the automated decision and your right to intervention by one of our employees.
11.9. Right to object (Article 21 GDPR)
If we process your data on the basis of a legitimate interest (Article 6 (1) f GDPR), you will have the right to lodge an objection thereto if the grounds for this ensue from your particular situation. This also applies to any profiling based on these provisions. In this case, we shall no longer process your data, unless we can prove that the reasons for the processing are compelling and worthy of protection. This must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.
Insofar as we process your data in order to engage in direct marketing, you may lodge an objection to the processing of your data. This also applies to profiling insofar as profiling is related to such direct marketing.
Following your objection, your data will no longer be processed for these purposes.
To lodge an objection, merely send a corresponding informal notification using the contact details given in Section 1.
11.10. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the data concerning you breaches the General Data Protection Regulation. Further legal remedies under administrative law, or judicial remedies, to which you may possibly be entitled will remain unaffected hereby.