Privacy Policy of BIKE24

Privacy & Security

The protection of your personal data is an important concern for us. When processing this data, BIKE24 will strictly observe the applicable provisions of data protection law in the European Union, and of data protection law in the Federal Republic of Germany.

By means of this Data Privacy Statement, we are informing you of what data we collect on our websites, for what purposes we process this data, and to which recipients we may possibly transfer this data, and of the legal bases for the data processing, the period for which the data will be stored, the controllers responsible for the processing, as well as your rights.

1. Controller responsible for the data processing

The controller responsible for the data processing within the meaning of Article 13 (1) a) of the General Data Protection Regulation (GDPR) is:

Bike24 GmbH
Breitscheidstr. 40
01237 Dresden
Tel.: 0351/417497-50
Fax.: 0351/417497-79
Email: datenschutz at bike24.net

If you wish to contact our data protection officer, please use the following contact details:

Breitscheidstr. 40
01237 Dresden
Email: [email protected]

2. Specific details relating to the data processing

2.1. Personal data

Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. Personal data includes, for example, name, address, telephone number, email address, bank account details, credit card number.

2.2. Data processing for the performance of a contract

If you place an order with BIKE24, we shall need personal data for the purposes of processing the purchase, including shipping the goods that you have ordered, handling returns or dealing with complaints. Specifically, we shall need details relating to your name, postal address, email address and, if applicable, essential payment details. It is essential that you provide your email address so that we can send you confirmation of receipt of your order, notify you of the shipment of your goods and/or contact you. Therefore, this data processing will take place for the purpose of performing the contract.

Even before a contract is concluded, you may have already contacted BIKE24 and, for example, sent us an email enquiry requesting our advice. In this case, the data received from you, such as your email address and possibly your name, will be processed by us for the purpose of carrying out precontractual measures.

Article 6 (1) b) GDPR is the legal basis for data processing for the purpose of performing a contract or for carrying out precontractual measures as a result of an enquiry from the data subject.

For handling your order, BIKE24 will pass on personal data to service partners such as payment service providers (including, but not limited to, banks, Paypal, Amazon Pay, credit card companies) and shipping service providers (including, but not limited to, DHL, DPD, Hermes, forwarders), insofar as this is necessary for the performance of your contract. It is also possible that your personal data will be passed on to a supplier delivering the goods directly to you. The recipient must use the transferred data only for the performance of its task. Any use beyond this is not permitted.

Personal data processed for the performance of the contract will be stored by us for the statutory period of limitation.

The data necessary under commercial law or fiscal law will be stored by us for the retention periods prescribed by law under Section 257 HGB [German Commercial Code] and Section 147 AO [Tax Code], generally for a period of 10 years.

Personal data processed for carrying out precontractual measures will be erased within 12 months if no contract is concluded.

2.3. ParcelLab

BIKE24 uses the service provider parcelLab GmbH, Kapellenweg 6, 81371 Munich, Germany, to inform customers about the shipment of their ordered goods and also to send information about the shipment status. In order to make this possible, BIKE24 transmits order data to parcelLab, including personal data that is necessary for parcelLab to provide the service. This includes, among others, name, title, address, e-mail address, order number. ParcelLab acts for BIKE24 within the scope of contractually agreed processing of data within the meaning of Art. 28 GDPR. ParcelLab is contractually obliged to ensure the protection of your data by suitable technical and organisational measures. The legal basis for this data processing is Art. 6 (1) b) GDPR and Art. 28 GDPR. Additional information can be found in the privacy policy of parcelLab: https://parcellab.com/en/privacy-policy/

2.4. Newsletter, Mailings

You can subscribe to the BIKE24 newsletter as part of the ordering process or separately via our shop pages. We use the double opt-in procedure to confirm your request. This means that you will receive an e-mail from us with a link via which you, as the owner of the e-mail address, can confirm your subscription to the newsletter. The subscription to the newsletter is complete only after this confirmation.

We use the data you provide for advertising purposes after you have registered for the newsletter. We store your e-mail address and the language in which you use the webshop.

If you have consented to personalised advertising, we also process tracking data on your user behaviour when visiting our webshop, including data from purchases made or cancelled and when using our newsletter, for the purpose of personalising our newsletter and our advertising emails. In addition, we may associate the e-mail address used with your order history and the data stored about individual orders placed by you (e.g. your address, your shopping baskets or your purchasing behaviour). Furthermore, we store data on your interests, your title, your name and your date of birth, if and insofar as you have provided this optional information as part of the newsletter registration.

Art. 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent.

The dispatch of the newsletter as well as the storage and administration of the mentioned data are carried out by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany and Emarsys eMarketing Systems GmbH, Märzstrasse 1, 1150 Vienna, Austria. These providers are undertaking a contractually agreed processing of data within the meaning of Article 28 of the GDPR. CleverReach and Emarsys are contractually obliged to ensure the protection of your data through appropriate technical and organisational measures. Apart from transferring the mentioned data to CleverReach and Emarsys, no other data transfer to third parties takes place.

You can revoke your consent at any time with effect for the future. Each newsletter contains an unsubscribe link for this purpose. If you use the unsubscribe link, your e-mail address will be unsubscribed immediately. Furthermore, you can revoke your consent at any time by sending an e-mail to [email protected]. The data record belonging to your e-mail address can be stored for up to three years after unsubscribing for reasons of proof and to defend against legal claims. The relevant data record will then be deleted automatically. Art. 6 (1) f) GDPR is the legal basis for this data processing.

You can revoke your consent in whole or in part. In particular, you have the option of revoking only your consent to the personalisation of our newsletter by sending an email to [email protected]. If you limit your revocation to personalisation, we may send you our general newsletter.

In addition, we store the data of the application under the double opt-in procedure. Art. 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in proving an existing consent.

2.5. Customer account

You have the possibility of creating a BIKE24 customer account. This password-protected, personal access offers you a series of useful features, including, but not limited to, viewing of the orders that you have placed in the preceding 2 years, displaying and downloading of your invoices, management of personal customer data, addition and editing of different delivery addresses, saving of a standard payment method and creation of a personal reminder note and/or wish list.

Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent. The data submitted to the customer account will be stored as long as your consent exists. You may revoke this consent at any time with effect for the future. An informal notification using the contact details stated under Section 1 will suffice for this. If your consent is revoked, your customer account, including the data submitted to it, will be deleted.

2.6. eTermin online appointment booking

BIKE24 uses the service of the provider eTermin GmbH, im Wiesengrund 8, CH-8304 Wallisellen, Switzerland, to enable customers and visitors of the "BIKE24 Store Dresden" to book appointments online. When using this booking tool, we collect and process the following personal data: salutation, name, telephone number, e-mail address and the entered appointment request. The provision of this data is mandatory. The data is necessary for the coordination of the appointment requests. In addition, we process the personal data that you enter in the free text box. Your personal data will be deleted after your appointment request has been processed. Your appointment request is regularly completed with the visit to our store or the cancellation of a booked appointment by yourself.

The legal basis for this data processing is Art. 6 (1) f) GDPR. The essential justified interest lies in providing the possibility of booking an appointment and in being able to coordinate appointment requests for the purpose of improved preparation of customer visits to our shop.

Insofar as the provider eTermin GmbH can access your personal data, eTermin GmbH acts as a data processor in accordance with Art. 28 GDPR. The data processor may only process your data in accordance with our instructions and not for its own purposes. The provider is based in Switzerland. For this country the European Commission determined the existence of adequate protection of personal data in its decision of 26.07.2000. This decision remains valid after the entry into force of the GDPR. You are free to request a copy of this decision from our data protection officer.

2.7. SMARTFiT Online Sizing

In order for us to provide you with the best possible advice in our webshop and to offer you bikes that fit your measurements, you have the option of using the SMARTFiT online sizing tool (click on "Calculate size" in the size settings on each bike product detail page) to enter your height and gender as well as your arm and leg length. SMARTFiT then calculates the bike size that fits you and checks if the desired bike (or a suitable alternative) is available in the required size in our webshop.

So that you do not have to enter your data again within a short period of time, SMARTFiT stores your data together with a session ID for a short time in the local memory of your browser (Local Storage). The data is deleted after four hours of inactivity.

We can evaluate the frequency of use of the tool via SMARTFiT, but no conclusions about natural persons can be drawn from the evaluation.

SMARTFiT is a service of Radlabor GmbH, Heinrich-von-Stephan-Str. 5c, 79100 Freiburg, Germany. Personal data is processed exclusively on servers located in Germany. Further information on data processing in connection with the use of the tool can also be found in the FAQ of the provider.

The legal basis for the storage in and the reading out of the data from the local storage is section 25 para. 2 no. 2 of the Telecommunications-Telemedia Data Protection Act. The legal basis for the processing of your personal data is our prevailing legitimate interest pursuant to Art. 6 para. 1 lit. f of the GDPR to be able to suggest suitable bikes for you and to enable an optimized shopping experience in our online store. Our legitimate interest prevails over any conflicting interests you may have, in particular as the data processing only takes place if you actively use the tool.

 

3. Cookies

3.1. What are cookies?

"Cookies" are small text files that are stored on your data carrier and contain certain settings and data. We use cookies on our websites to provide you with an optimal user experience, to compile statistics on the use of our websites and to facilitate marketing activities.

3.2. Personal cookie settings

When you visit the BIKE24 shop for the first time or if you have deleted your browser data, we ask you with our cookie consent tool whether we may use cookies and, if so, which cookies we may use.

Technically essential cookies are always enabled. These cookies cannot be deactivated. You are free to decide whether you want to allow comfort cookies or marketing and statistics cookies. The use of these cookie types is only permitted with your express consent. We offer you an overview in which you can make your personal selection for each tool. You must actively consent to the use of these cookie types in order to activate these cookies. There is also the possibility to agree to the use of all cookies with one click.

You can access your personal cookie settings at any time via the footer link "cookie settings". You can make an individual selection at any time and revoke your consent with effect for the future.

Your personal cookie settings are stored with a cookie on your data carrier. If you do not delete the cookies, you will not be asked again on your next visits to our shop.

3.3. Technically essential cookies

Technically essential cookies are cookies that are absolutely necessary for the use of the website and for whose use an essential justified interest exists. We use the following technically essential cookies:

| Cookie name | Purpose or function | Validity period |
|---|---|---|
| ID | This cookie contains the session ID. This ID is necessary in order to be able to link a user's actions over multiple website visits. This is necessary in order to be able to, for example, link to a specific user the current shopping basket or a current log-in over multiple website visits. | as long as the browser window is open |
| CookieConsent | This cookie contains your personal cookie settings, which you have defined and saved in our cookie consent tool. | 1 year from the last saving of the cookie settings |
| domainSwitchSuggestion | This cookie stores the information that the user has already been suggested to change the language and thus the domain with a pop-up. This cookie prevents the user from being permanently disturbed by this pop-up. | 1 year from the date the pop-up window was displayed |
| __cf_bm | The cookie is absolutely necessary for Cloudflare's security functions and cannot be deactivated. You can find more information on Cloudflare under Section 8. | no longer than 24 hours after the last visit to the website |
| CountryTax | The cookie contains the country-specific VAT rates according to the country selection made. | 24 hours from your action |
| deliveryLocation | The cookie contains the delivery country and the zip code specified by the user for calculating the availability and parcel delivery time of express services. | 24 hours from your action |

3.4. Comfort cookies

Comfort cookies are cookies that make the use of the shop more pleasant and comfortable, e.g. by additional functions in the shop. We only use comfort cookies if you have given your consent. The web shop can also be used without these comfort cookies. However, the user experience can be significantly worse.

 

| Cookie name | Purpose or function | Validity period |
|---|---|---|
| BasketStore | This cookie contains the current shopping cart ID and, if applicable, the assignment of this ID to a user login. The shopping cart ID enables the saving of the shopping cart beyond the actual browser session. The shopping cart data can thus be restored even weeks or months after the last visit to the site. | 1 year from the date of the last change to the shopping cart |

The shopping cart cookie ensures that the shopping cart data is saved even after the end of a session. If you close the browser window and, for example, want to continue shopping the next day, the data of the shopping cart is still available.

If you do not allow this cookie to be set, your shopping cart will be empty after closing the browser window. The entire shopping cart data will be lost.

3.5. Marketing and statistics cookies

We use web analysis tools to generate data about the use of our websites in order to improve our shop in a targeted manner and ultimately to achieve a better user experience. We use the web analysis tools Google Analytics and Google Tag Manager from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. In connection with these tools, we also use tracking tools from trbo GmbH, Römerstr. 6, 80801 Munich, Germany. The aforementioned tools also set cookies, provided you have given your express consent in advance as the legal basis for their use by us.

You can find out more about the processing of your personal data by Google Analytics, Google Tag Manager and Trbo under No. 4 of this privacy policy.

3.6. Technically essential cookies from third-party providers

If you select certain payment methods such as Amazon Pay or Paypal, cookies enabling payment using the respective payment method will be placed.

If we integrate elements of "Facelift Cloud" such as competitions or an advent calendar into our website and you call this page with your browser, a cookie is set by "Facelift Cloud" to identify and prevent attacks against the server infrastructure of "Facelift Cloud". You can find more information on "Facelift Cloud" under Section 9.

If you wish to play YouTube videos integrated into BIKE24, cookies will likewise be placed.

In all these cases, cookies are not initially set when the respective page is called up. Cookies are only set as a result of an action by you, e.g. when you actively select the payment method Paypal or when you play an embedded YouTube video.

3.7. Legal basis for the use of cookies

Article 6 (1) f) GDPR is the legal basis for the use of technically essential cookies. The essential justified interest lies in securing the functionality of the BIKE24 shop.

Article 6 (1) a) GDPR is the legal basis for the use of comfort cookies (No. 3.4.) and marketing and statistics cookies (No. 3.5.). You have given your explicit consent by using our cookie consent tool. More about the cookie consent tool and personal cookie settings can be found under No. 3.2.

3.8. Revocation of consent and deletion of cookies

You can revoke your consent to the use of cookies at any time with effect for the future.

You can use the cookie consent tool for this purpose. Your personal cookie settings can be accessed at any time via the footer link "cookie settings". You can save a selection without comfort cookies and marketing and statistics cookies.

You can also delete all existing cookies in your browser settings. The next time you visit the BIKE24 website you will be asked to make a new decision about your personal cookie settings using our cookie consent tool.

4. Marketing and Analysis Tools

BIKE24 uses marketing and analysis tools subject to your express consent. These help us to better understand how you use our website, to provide you with the content that is right for you and to improve our shop overall. Furthermore, these analytical tools help us to better tailor marketing activities to your interests and to measure the success of our marketing activities. Cookies and other technology such as local storage and scripts that store or read information on your end device are used for this purpose. 

Typically, marketing and analysis tools process the following data:

  • the IP address of the device;
  • the information of a cookie or in the local or session storage;
  • the device identifier of mobile devices (e.g. device ID, advertising ID);
  • referrer URL (previously visited page);
  • pages viewed (date, time, URL, title, length of stay);
  • downloaded files;
  • clicked links to other websites;
  • technical information: operating system; browser type, version and language; device type, brand, model and resolution;
  • approximate location (country and city, if applicable).

This consent can be given via our Cookie Consent Tool. In the case of analysis and marketing tools, this consent also includes the transfer of data to third countries with a different level of data protection to the EU, in particular the USA. We would like to point out that, due to US laws and regulations, a level of data protection in the USA similar to the legal situation in Germany or the European Union cannot be guaranteed. The risks here include: the USA offers no enforceable rights or a weaker enforcement of them, and no independent data protection authority to help enforce these rights. Security agencies based in the USA may also be able to access your data. There are no restrictions on the proportionality of access and no guarantees to protect your data. Moreover, there is no effective legal protection against such access to your data.

You can revoke your consent or change your selection at any time by accessing the Cookie Consent Tool again via the ‘Cookie Settings’ link under ‘About BIKE24’ in the website’s footer.

4.1. Google Analytics and Google Tag Manager

If you have consented to its use, BIKE24 uses Google Analytics, a web analytics service provided by Google Ireland Limited (‘Google’), based at Gordon House, Barrow Street, Dublin 4, Ireland for persons from Europe, the Middle East and Africa (EMEA), and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for all other persons. Google Analytics uses tracking cookies, local storage and scripts that enable your use of the website to be analysed. The information they collect about your use of this website is usually transferred to a Google server in the USA and stored there. BIKE24 uses Google Analytics with the ‘anonymizeIP’ setting. As a result, IP addresses are only processed in truncated form by Google Analytics in order to exclude a direct reference to a particular person.

The following data is processed by Google Analytics:

  • IP address (which is, however, anonymised before further processing);
  • referrer URL (previously visited page);
  • pages viewed (date, time, URL, title, length of stay);
  • downloaded files;
  • clicked links to other websites;
  • achievement of specific goals (conversions), if applicable;
  • technical information: operating system; browser type, version and language; device type, brand, model and resolution;
  • approximate location (country and city, if applicable, based on anonymised IP address).

The cookies’ storage period is a minimum of 14 months and a maximum of 26 months.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

Besides revoking your consent, you may also prevent the storage of cookies through the appropriate settings on your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can – in addition to revoking your consent – prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser add-on to deactivate Google Analytics

In order to integrate Google Analytics, we use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’) for all other persons. Google Tag Manager handles the activation of Google Analytics through a script and ensures the proper integration of the tool. Google Tag Manager only temporarily processes the connection data generated by the browser connection. Google Tag Manager does not carry out any user analysis itself.

We have concluded an order processing agreement with Google Ireland Limited. In the event that personal data is transferred to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Module 3). We also obtain your explicit consent for your data to be transmitted to the USA as part of the consent process.

You can find more information in Google's privacy policy.

4.2. Trbo

If you have consented to their use, we also use tracking tools from trbo GmbH, Römerstr. 6, 80801 Munich, Germany ("Trbo") for marketing purposes.

These help us to understand which pages are particularly attractive to users of our services, which products interest our customers most and which individual offers we should make to our website users in each case. The data collected and used in this context is only ever stored in a pseudonymised form (e.g. a random identification number) and is not combined with other personal data about you (e.g. name, address, etc.). Cookies, local storage, session storage and scripts are used for this purpose.

In particular, the following data is processed:

  • which pages are visited when, how often and in which order,
  • which products are being searched for,
  • which links or offers are clicked on, and
  • what orders are placed,
  • from where the website is accessed.

The cookies’ storage period is a minimum of 30 minutes and a maximum of 36 months.

We have concluded an order processing agreement with Trbo.

In order to integrate Trbo, we use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’) for all other persons. Google Tag Manager handles the activation of Trbo by means of a script and ensures the proper integration of the tool. Google Tag Manager only temporarily processes the connection data generated by the browser connection. Google Tag Manager does not carry out any user analysis itself.

We have concluded an order processing agreement with Google Ireland Limited. In the event that personal data is transferred to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Module 3). We also obtain your explicit consent for your data to be transmitted to the USA as part of the consent process.

4.3. Emarsys

If you have consented to their use, we also use tracking tools provided by Emarsys eMarketing Systems GmbH, Märzstrasse 1, 1150 Vienna, Austria (‘Emarsys’) for marketing purposes. With their help, we can better understand which of our shop’s contents or products you were particularly interested in and which of our marketing campaigns appealed to you, based on the observation of your user behaviour on our website as well as your ordering and purchasing decisions.

Specifically, these tools store:

  • information about your navigation behaviour,
  • which products you have placed in your shopping cart,
  • and the details of these products such as type of product,
  • colour and clothing sizes if applicable,
  • as well as information on the use of individual marketing campaigns.

With the help of this data we can create a customer profile in order to offer you an individual customer experience and to be able to display advertising and content tailored to you on our website. If you have consented to receive personalised newsletters, this data will also be used for the individual design of these personalised newsletters.

The cookies’ storage period is a maximum of 12 months.

We have concluded an order processing agreement with Emarsys. Your data will principally be stored in the European Union. Insofar as Emarsys involves service providers based outside the European Union, there are either adequacy decisions in place or standard contractual clauses concluded for the associated possible third-country transfer. In addition, we also obtain your express consent for any data transfer to the USA as part of the consent process.

5. Google reCAPTCHA

BIKE24 uses the service "Google reCAPTCHA" on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use Google reCAPTCHA to prevent misuse through automated data entry. This applies in particular to pages on which users enter certain form data and transmit it to our servers. Google reCAPTCHA makes it possible to distinguish between data input by humans and automatic data input.

The service analyses the behaviour of the user on the website in the background. Google reCAPTCHA uses certain characteristics to determine whether the website is naturally operated. Google reCAPTCHA transmits your IP address and possibly other data (e.g. about the device you are using) to Google.

Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in the prevention of abuse and/or spying on our web page as well as in the prevention of SPAM.

You can find more information about Google reCAPTCHA and Google's privacy statement at: https://www.google.com/intl/en/policies/privacy/

6. Log files

When you visit the BIKE24 website, your Internet browser will send usage data to our servers. Usage data is logged in so-called log files by our servers. In this respect, the following will be stored: the date and time, the type of request, the log type and access status, the size and name of the file, the IP address from which the request originated, the referrer URL (information on the website from which you have arrived at our website), information on the Internet browser used (e.g. which browser is used, the version number of this browser and the type of encryption).

We use log files to monitor the functionality and performance of our shop and to further develop and improve the BIKE24 shop. As a result, any malfunctioning of the shop, for example, will be recorded and subsequently remedied by us. Furthermore, the storage of data in log files takes place for security reasons to ensure secure operation of our system.

Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in securing the functionality of the shop and ensuring secure operation of our shop servers. The users' IP addresses will be deleted or anonymised after a maximum of 10 days.

7. Content Delivery Network (CDN)

BIKE24 uses the service provider CDN77, DataCamp Ltd, London, which will, on our behalf, deliver certain content from the BIKE24 shop website to you or your browser. This content includes, but is not limited to, product images. On the one hand, this service provider enables, by means of its infrastructure, speedy delivery of this data to you. In parallel, the service provider will deliver the data from a server situated as physically close to you as possible. Both these services will minimise loading times and improve the user experience for you.

The CDN service provider will necessarily receive your IP address.

Generally, no log data will be recorded. Log data will be recorded by the CDN service provider only in the case of faults, for fault analysis. In this respect, the IP address will be stored only in anonymised form; the log file will be deleted after a maximum of 10 days.

Article 6 (1) f) GDPR is the legal basis for this data processing.

8. Cloudflare

We utilise Cloudflare, an application from the provider Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107 USA, on this website in order to make our website faster and more secure. Cloudflare provides a worldwide, distributed content delivery network with DNS. For this purpose, Cloudflare creates copies of our website and places them on its own servers. This ensures that, when you access our website, it is always delivered by the server which can show you our website the quickest. At the same time, Cloudflare blocks threats and limits abusive bots and crawlers which can waste our bandwidth and server resources or which try to attack our systems in other ways.

All the required data transfer between your browser and our websites flows through Cloudflare's infrastructure in order to be able to provide this service. Cloudflare thereby delivers content from our website and analyses the data traffic in order to prevent attacks.

Cloudflare receives information relating to the IP addresses and DNS log data for this purpose. The IP addresses therefore constitute merely pseudonymised data which could be assigned to a natural person, if at all, only theoretically and not without considerable time, effort and cost. For security reasons Cloudflare additionally utilises a cookie. This cookie is absolutely required for the Cloudflare security functions and cannot be deactivated.

The data which is collected when you access our website is stored and processed exclusively in the European Union (“Data Localisation Suite”). This also comprises the data log files which have been developed from this and, in particular, data processing in order to speed up the secure call-up of the page, to detect threats such as bots and DDoS attacks as well as ensuring the stability of the connection set up. We have therefore concluded an agreement with Cloudflare for the usage of regional, European infrastructure and services. This especially comprises the “Customer Metadata Boundary” option. This function always ensures that all traffic metadata, which can also include the IP address, is also processed exclusively on servers in the European Union (in particular in Luxembourg).

Additional information relating to these security measures can also be found at: https://support.cloudflare.com/hc/en-us/articles/360061946171-Data-Localisation-Suite.

Warranting the security and accessibility of our website constitutes a legitimate interest on our part pursuant to Article 6 (1) f) GDPR. We have concluded a corresponding order processing agreement with Cloudflare, with regard to transmitting the data, in accordance with Article 28 GDPR.

Cloudflare usually stores your data for up to seven days. However, if your IP address triggers a security alert at Cloudflare, there can be exceptions to the storage period detailed above.

In principle, Cloudflare stores and processes personal data on servers which are located in the European Union. However, as Cloudflare Inc. is deemed to be a US provider, we have also concluded EU standard contractual clauses with Cloudflare (Commission Implementing Decision (EU) 2021/914, Module 2) regarding the transfer of personal data to the USA, which cannot be completely excluded in every case. Under these clauses, Cloudflare undertakes in particular to challenge any request from US security authorities and to inform about it, unless this is prohibited by law. There are also extensive additional safeguards in place in order to limit data processing to the European Union, as listed above. An adequacy decision by the European Commission on the level of data protection in the USA is currently not available. You are entitled to request a copy of the EU standard contractual clauses from us.

9. Algolia

We utilise the search engine provided by Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France (“Algolia”) on our website in order to provide a search function and filter function via the search box in our web shop as well as for improving the search results which can be obtained.

Algolia captures and processes the following data for this purpose:

  • IP address,
  • search enquiry via the search function,
  • if applicable, the selected filter options,
  • clicked on search results,
  • automatically transferred connection data.

The search query is sent to Algolia for the search function and subsequently matched with the products which are provided by BIKE24 to return matching search results. For example, the product category or other filters can be set with the filter function and, with the help of it, the search results can then be narrowed down. An anonymised analysis of the search queries and the clicked-on search results is executed in order to improve the search results. Assignment to an IP address or a token does not take place in this case.

The IP address, which is transmitted when utilising the search function and filter function, will be anonymised after a short time and stored for 7 days. Search enquiries and search results without assignment to an IP address or token will be subsequently stored for 90 days.

We have concluded a contract for order processing with Algolia according to Article 28 of the GDPR. The data will be stored on servers in Germany. Processing the data will always be executed in the European Economic Area in principle. Insofar as Algolia involves service providers which have their registered office located outside the European Union, then there will either be adequacy decisions in place or standard contractual clauses have been concluded for the associated possible third-country transfer. Measures have been implemented in order to limit the personal reference to the necessary duration and to anonymise the IP address as quickly as possible.

Additional information regarding data protection from Algolia can be found at: https://www.algolia.com/policies/privacy

If personal data is to be processed in this context, then the processing will be executed in accordance with Article 6 (1) f) of the GDPR based on our legitimate interest in providing an error-tolerant search for articles as well as for making it easier to locate our products in the web shop and thereby in ensuring the marketing of our offer in a customer-friendly manner.

10. Social Media

On the BIKE24 website you will find links to social media platforms from Facebook, YouTube, Instagram and Twitter where BIKE24 is represented and offers content. These are static links. BIKE24 does not use social media plugins.

BIKE24 is represented in social media in order to get in touch with our customers, interested parties and other users and to inform them about products, events or competitions. We would like to point out that personal data is collected and processed by the respective provider when you visit the corresponding pages. The legal basis for the processing of users' personal data is Art. 6 (1), f) GDPR. The essential justified interest of BIKE24 lies in the optimal design and improvement of the company presentation. 

If you use our offers in the respective social network as a logged-in member, your consent to data processing pursuant to Art. 6 (1), a) GDPR is given to the social media platform. In order to understand and improve our activities, we use corresponding evaluations in the form of statistics provided by the respective provider.

10.1. Facebook

BIKE24 uses the technical platform of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the aforementioned information service.

Please note that you are responsible for using this Facebook page and its functions. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

When you visit our Facebook page, Facebook collects your IP address, among other data. This and other information is used to provide us, as the operator of the Facebook pages, with statistical data about the use of our Facebook page. Facebook provides further information on this under the following link:

https://www.facebook.com/help/pages/insights

The data collected about you will be stored and processed by Facebook Ltd. outside the European Union if necessary. We cannot provide any information about whether and how Facebook uses visitor data from our Facebook page for its own purposes. Nor do we have any information as to whether your data is passed on to third parties, combined with data from other Facebook offers, how long Facebook stores data and whether page visits are assigned to individual users. You can read about what information Facebook actually receives and how Facebook uses it in Facebook's data usage guidelines. In the data usage guidelines you will also find further contact options for Facebook as well as setting options for advertisements. The Data Usage Guidelines can be found here:

http://www.facebook.com/about/privacy

The complete Facebook data guidelines can be found here:

https://www.facebook.com/full_data_use_policy

BIKE24 itself does not collect and process any further data from your direct use of Facebook. Data processing is only possible for sweepstakes or competitions. In these cases, we use contact data, for example, to contact winners of our raffles. BIKE24 uses the software Facebook Insights for a general evaluation of the Facebook page. Here we are provided with anonymous data from Facebook that does not allow any conclusions to be drawn about individual users. As already mentioned, we use this statistical data from Facebook Insights to design and improve our Facebook offering accordingly.

According to Facebook, Facebook stores your IP address when you visit our Facebook page. According to Facebook, this is anonymized and deleted after a storage period of 90 days (German IP addresses). In addition, Facebook stores information about the end devices that you use for the visit. By assigning IP addresses, individual users may be identified.

Facebook stores cookies with your Facebook ID on your device when you are logged in to Facebook. This cookie enables Facebook to track your page views within Facebook. This applies to the Facebook page of BIKE24 and also to Facebook pages of other providers. If you use a Facebook button embedded in a website, Facebook may associate that use with your profile. This makes it possible for Facebook to offer you advertising that results from your user behavior.

You can avoid this by logging out of Facebook before visiting the BIKE24 Facebook page and disabling the "Stay signed in" feature. In addition, you must delete all cookies from your device and restart your browser. You can then use our Facebook page without having your Facebook ID processed.

If you want to use functions on Facebook to interact with us (like, comment, share, news, etc.) you will be shown a login screen. This form of interaction is only possible for registered Facebook members. However, as soon as you are logged in again, you will be recognizable as a user for Facebook again. Further information on the Facebook data policy can be found under the following link:

https://www.facebook.com/about/privacy

10.2. Twitter

BIKE24 uses the technical platform and services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA for the short message service offered here.

Please note that you are responsible for using Twitter and its functions. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

If you use Twitter, your data will be stored and processed outside the European Union. The data that may be transmitted includes your IP address, the application you are using, and information about the device you are using. It may also include information about your location and the websites you visit.

Twitter links this collected data to your Twitter account and may be able to create a behavioural profile. BIKE24 cannot influence the nature and extent of the data collected by Twitter. We also have no control over whether Twitter passes on your data to third parties or for what purposes Twitter uses the stored data.

Under the following link you will find information about which data Twitter collects and processes according to its own statement:

https://twitter.com/en/privacy

If you have a Twitter account and would like to view information about the data you have stored on Twitter, you can do so at the following link:

https://support.twitter.com/articles/20172711#

You can also use the Twitter data protection form to send your questions about data protection directly to Twitter. You can also download your Twitter archive:

https://support.twitter.com/forms/privacy

https://support.twitter.com/articles/20170320#

BIKE24 itself does not collect and process any other personal data from your direct use of Twitter. We use Twitter Analytics for a statistical evaluation of our activities on Twitter. This function enables us to optimally design our presence on Twitter and does not allow any conclusions to be drawn about the data of individual users.

In the settings of your Twitter account you have the option to restrict the processing of your data by Twitter ("Privacy and Security"). Here you also have the option of restricting Twitter access to your contact and calendar data, photos and location data on your end device. You can find information about this on Twitter under the following links:

https://support.twitter.com/articles/105576#

https://twitter.com/en/privacy

10.3. Instagram

BIKE24 uses the technical platform of Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, or Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) for the aforementioned service. Instagram stores personal data about you when you visit this page.

BIKE24 as the responsible person has reached an agreement with Facebook, which also regulates the conditions for using the Instagram page. The basic terms are the Instagram Terms of Use at https://help.instagram.com/581066165581870 and the other terms and guidelines listed at the end.

By processing information, Facebook is able to distribute advertising for its users via its own network. The data processing by Facebook also enables BIKE24 to use statistics provided by Facebook. In this way, BIKE24 can optimally design its own content and better reach its users. Parts of these statistics contain demographic and geographical information. However, BIKE24 has no influence on the underlying data. These data are not known to us in their entirety.

It is likely that the data collected about you by Facebook Ltd. will be stored and processed outside the European Union.

As a user of Instagram, you can influence the storage of data and the recording of user behavior through Instagram in your profile settings by making the appropriate settings.

Instagram users can use the Advertising Preference settings to control the extent to which their user behavior is captured when they visit our Instagram page. 

For more information, see the Facebook and Instagram settings:

https://www.facebook.com/login.php?next

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

or the form for exercising the right of objection at:

https://www.facebook.com/help/contact/1994830130782319

If you want to avoid cookies being placed by Facebook and prevent the associated processing of your data, set your browser so that no third-party cookies or Facebook cookies are allowed.

For more information about how Facebook handles personal information on Instagram, please see its privacy policy at https://help.instagram.com/519522125107875 and http://instagram.com/about/legal/privacy/, respectively.

10.4. YouTube

On the BIKE24 website, videos of selected articles and brand shops of the corresponding brands are displayed, for example. The videos are made available on the video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, (YouTube) by the brands. In addition, BIKE24 maintains its own YouTube channel.

YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Videos are used by BIKE24 exclusively within the "Extended Privacy Mode". According to YouTube, this function only transmits user data to YouTube when a video is actually started. 

If you start a video as a logged in YouTube member, the call of the video will be associated with your YouTube account. You can prevent this information from being linked if you log out of your YouTube customer account before visiting our website. Alternatively, you can make the necessary settings in your YouTube account.

YouTube stores permanent cookies on your end device in order to guarantee functionality and to analyse user behaviour. You can prevent the storage of cookies on your end device by making the appropriate settings in your browser.

Under the following link you will find further information on data collection by Google and on your rights against Google:

https://policies.google.com/privacy

10.5. Further information

If you wish to assert your rights as a data subject against the social media platforms mentioned above, it is ideal to contact the respective platform directly with your request for information. Even if a joint responsibility arises from the cooperation between BIKE24 and the individual platforms, the platforms alone have the opportunity to provide you with full information about the data stored about you there. However, should our support be necessary, you can contact us at any time.

If you have any questions regarding data protection, please contact our data protection officer at datenschutz at bike24.net.

If you have any questions about a current order or need advice on a product, please contact our competent service team exclusively. Information for contacting us can be found here:

https://www.bike24.com/customer-service.html

For data protection reasons, we do not make our customer service available via "social media platforms".

11. Your rights as a user

Below, we would like to summarise for you your rights under the General Data Protection Regulation.

11.1. Right to revoke your declaration of consent under data protection law (Article 7 (3) GDPR)

You have the right to revoke your consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation. Before you give your consent, you will be informed hereof.

11.2. Right of access (Article 15 GDPR)

Under Article 15 GDPR, you have the right to demand from us confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and the following information:

  • the purposes for which we process this data;
  • the categories of personal data processed by us;
  • to whom this personal data has been disclosed, or is yet to be disclosed, particularly in the case of disclosure to recipients in third countries or at international organisations;
  • if possible, the envisaged period of storage of the personal data, or, if this is not possible, the criteria used to determine this period;
  • the existence of a right to rectification or erasure of the personal data concerning you, or a right to restriction of processing by us, or a right to object to processing by us;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • in cases where the personal data is not collected from you, all available information concerning the origin of the data;
  • whether automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR, takes place, and, if so, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
  • If personal data is transferred to a third country or to an international organisation, you will have the right to be informed of what suitable safeguards have been put in place to ensure that these recipients also comply with the provisions of the GDPR.

11.3. Right to rectification (Article 16 GDPR)

You may demand that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will, additionally, have the right to demand that incomplete personal data be completed, also by means of a supplementary statement.

11.4. Right to erasure or "right to be forgotten" (Article 17 GDPR)

You have the right that we erase data without delay if one of the following grounds applies:

  • The data is no longer needed for the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing was based, and there is no other legal basis for the processing.
  • In accordance with Article 21 (1) GDPR, you lodge an objection to the processing for reasons ensuing from your particular situation, and there are no overriding legitimate reasons for the processing.
  • In accordance with Article 21 (2) GDPR, you lodge an objection to processing for direct marketing purposes.
  • The data has been unlawfully processed.
  • It is necessary to erase the data in order to fulfil a legal obligation under European or German law.
  • The data has been collected in relation to an offer of information society services in accordance with Article 8 (1) GDPR.

If we have made your data public and are obliged to erase it, we shall, with due regard being given to the available technology and the implementation costs, take appropriate measures to inform the controllers that you have requested the erasure of your data.

11.5. Right to restriction of processing (Article 18 GDPR)

According to Article 18 GDPR, we must restrict the processing of your data in the following cases, namely if:

  • you dispute the accuracy of your data, in which case the processing will be restricted until we have been able to check the accuracy;
  • the processing is unlawful, and you decline to have your data erased and demand instead that use of your personal data be restricted;
  • we no longer need the data for the purposes of the processing, but you need this data for asserting, exercising or defending legal claims, or
  • you lodge, in accordance with Article 21 (1) GDPR, an objection to the processing for reasons ensuing from your particular situation, as long as it has not yet been established whether the legitimate reasons for the processing by us outweigh your interests.

If processing is restricted, we shall merely be permitted to store this data. Any processing beyond this will then be permissible only with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of an important public interest of the Union or a Member State.

You may at any time revoke your consent given in this connection.

You will be notified by us before the restriction is lifted.

11.6. Notification obligation (Article 19 GDPR)

All recipients to whom your data has been disclosed must be informed by us of any rectification or erasure of your data, or of any restriction of processing. This will be inapplicable only insofar as this proves to be impossible or is associated with disproportionate expense. We shall inform you of these recipients if you so request.

11.7. Right to data portability (Article 20 GDPR)

You have the right to receive in a structured, commonly used and machine-readable format the data concerning you that has been provided to us. Additionally, you have the right that we transfer this data to a third party insofar as

  • the processing of the data is based on your consent or on a contract, and
  • the processing takes place by automated means.

In this respect, you may demand that we transfer your data directly to such third party insofar as this is technically feasible. This right must not impair the rights and freedoms of other persons.

11.8. Automated decision-making in individual cases, including profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or that impairs you in a similar manner. This will not apply if:

  • you have given your express prior consent thereto, or
  • the decision is necessary for the conclusion or performance of a contract between us, or
  • applicable legal provisions permit this, and these provisions contain appropriate measures for protecting your rights and freedoms as well as your legitimate interests.

In the first two cases, we shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests. This includes your right to state your own point of view, your right to challenge the automated decision and your right to intervention by one of our employees.

11.9. Right to object (Article 21 GDPR)

If we process your data on the basis of a legitimate interest (Article 6 (1) f GDPR), you will have the right to lodge an objection thereto if the grounds for this ensue from your particular situation. This also applies to any profiling based on these provisions. In this case, we shall no longer process your data, unless we can prove that the reasons for the processing are compelling and worthy of protection. This must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

Insofar as we process your data in order to engage in direct marketing, you may lodge an objection to the processing of your data. This also applies to profiling insofar as profiling is related to such direct marketing.

Following your objection, your data will no longer be processed for these purposes.

To lodge an objection, merely send a corresponding informal notification using the contact details given in Section 1.

11.10. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the data concerning you breaches the General Data Protection Regulation. Further legal remedies under administrative law, or judicial remedies, to which you may possibly be entitled will remain unaffected hereby.