PRIVACY POLICY
1. Data controller and contact
We are, of course, the data controller and we will be happy to answer any questions you have at any time. In fact, bc GmbH is responsible for processing and protecting your data on bike-components.de (hereinafter referred to simply as "we" or "bc").
Where to find us and how to contact us:
bc GmbH
Commercial Register of Aachen HRB 25211
VAT ID number DE191317292
Carlo-Schmid-Straße 12, 52146 Würselen, Germany
Email: info@bike-components.de
Fax: +49 (0)2405 – 450046
Management: Dominic Land, Slawomir Gleboczyk
If you have any questions, please do not hesitate to contact our Data Protection Officer Severine Petersen (Data Business Services GmbH & Co. KG). You can contact her by email at datenschutz@bike-components.de.
2. Your visit to bike-components.de
When you visit one of our websites, information from your browser is automatically sent to our server. We only need this information to ensure that you can access our site properly. This relates to the following information, which we temporarily store in a so-called log file until it is automatically deleted:
● IP address of your computer,
● Date and time of your access,
● Name and URL of the file you have retrieved,
● Website from which you gain access (referrer URL),
● The browser used and, if applicable, the operating system of your computer and the name of your access provider.
We will only process this data in order to make your visit to our website as simple as possible for you from a technological point of view, specifically:
● to ensure a smooth connection to our website,
● to ensure that you can use our website in comfort,
● to evaluate how secure and robust the system is and
● for other administrative purposes.
The legal basis for processing data is Art. 6 Para. 1 (1) (f) of the General Data Protection Regulation (GDPR). Under no circumstances will we use the data collected to identify you as an individual.
We also use our website cookies and analysis services when there is a visit to our website.
3. Your log-in to bike-components
Having an account with bc means you can order even more easily and quickly. You will have all your orders, account and user data, your address book, password, newsletter subscription and your reviews at your fingertips.
To ensure that you can also use and access your account benefits, we store your registration data with each log-in in addition to the data mentioned under 2.:
● Date and time of your log-in
● First name and surname
● Password
● Our current terms and conditions
We take care of your data, which is why our registration form is so encrypted that the data entered there cannot be viewed by third parties. Of course, you always have the right to change your log-in data.
We process your data strictly in accordance with Art. 6 Para. 1 (1) (b) of the GDPR and we need this data in order to be able to process your orders and subscriptions properly, as well as to mutually fulfil obligations arising from our order contracts.
If you place an order with us while you are logged in, we will store the data for as long as is set out under 4. If you were logged in without placing an order, we will store your registration data for as long as, from experience, we would expect you to place an order, but not for longer than three months.
4. Your purchase from bike-components
We will make sure that you receive all you need for your bike as soon as possible. And this is why we need data.
You can order from us either by using a customer account so that we store the data set out under 2. and 3. in order to process your order or you can order as a guest, meaning we will only store the data set out under 2. and the data from our order form. To prevent third parties from viewing your data, we have also encrypted our order form. To process your order, we store the following information:
● Title, first name, surname,
● Email address
● Address
● Phone number (if specified)
● Date and time of the order
● Ordered goods
● Information about the payment method
We also save the text of the contract and our general terms and conditions in force at the time the contract is concluded.
Why do we need this data:
● To make sure that you are our customer,
● To be able to deliver the ordered goods to you and to be able to fulfil the contract,
● To issue you with your invoice,
● To process our entitlements to payment from you and to assert any other claims against you and
● To keep you informed about your order.
Your data will be processed at your request and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes outlined for our mutual fulfilment of the obligations arising from the sales contract.
We store the data that we collect for the purposes of processing the sales contract until the statutory period of limitation has expired (three years after the end of the calendar year in which the claim arose and we became aware of the circumstances substantiating the claim and of your identity or would have become aware without gross negligence, Section 199 Para. 1 of the BGB (German Civil Code)). After that we delete it, unless we are obliged to store it for longer in accordance with Article 6 Para. 1 (1) (c) of the GDPR due to retention and documentation requirements under tax and commercial law (arising from the HGB (German Commercial Code), StGB (German Penal Code) or AO (German Fiscal Code)) or you have consented to your data being stored for a longer period in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.
We will send your email address and phone number (if provided) to the delivery company. The company will inform you about the shipment status. In this case, the company acts as an independent responsible party. Our legitimate interest in this transfer is to enable you to receive your order as quickly as possible, transparently and without any problems. You can object to the transfer of data by contacting us directly.
5. Endereco
In our shop we use the "Endereco" service provided by Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany to validate and correct addresses. These services enable us to check and correct errors in entered information in real time. Checking your address allows us to process your order correctly. Checking your address also helps prevent fraud and identify false addresses. For this purpose, your address data is transferred to Endereco and analysed there. Endereco never stores addresses or any other data at any time and never links information such as name and address data together. Endereco stores the time stamp of the request and the result of the check for billing purposes. Data is stored by Endereco only if a suggestion for an error correction occurs and is then denied by you. The purpose of data storage by Endereco is to further improve service. Stored addresses are deleted bc Endereco after 4 weeks. The data is not merged with other data sets either. Since performance of the contract and the implementation of pre-contractual measures require the correctness of the data you entered to be checked, processing is based on Art. 6(1)(b) GDPR. However, processing is equally based on our legitimate interest in collecting your customer data in accordance with regulations in order to prevent contract performance problems, which means that it is also based on Art. 6(1)(f) GDPR.
You can find the Endereco privacy policy at:
https://www.endereco.de/datenschutzerklärung
We also store address information that Endereco corrects for us. However, this only applies to customers who have a customer account. Data is stored for the purpose of continued quality assurance, to improve address validation and to have the option of sharing this data with the customer.
6. Personalised product recommendations and surveys
As our customer, you will receive recommendations for products from our shop as well as customer surveys via email (hereinafter referred to as "mailings"). You will receive some of these mailings regardless of whether you have subscribed to a newsletter. We have received your email address from you as part of your purchase in our online shop. We use this for our product recommendations. In the mailings you will find the latest information about products from our range that you might be interested in based on your recent purchases with us. If you no longer wish to receive mailings from us, you can object to this at any time. To do this, simply click on the unsubscribe link included in every mailing we send. When unsubscribing, it is possible to unsubscribe only from specific mailings or from all categories of mailings. The legal basis for sending mailings can be found in Art. 7 para. 3 UWG (Act Against Unfair Competition) and Art. 6(1)(f) GDPR. In the case of mailings requiring consent, these will only be sent if you have given your consent (e.g. newsletter subscription).
In addition, we use services and functions for web surveys on our website. The order ID, breakpoint, guest or registered user, survey responses and the email address are collected. The purpose of conducting surveys on our website is our legitimate interest in responding efficiently to customer enquiries and in checking satisfaction with our products and the website.
6.1 zenloop
We use the zenloop platform to integrate and implement review requests. In web surveys, cookies are set when the survey has been viewed and answered. The cookies are set to ensure that you do not see the same surveys more than once.
For more information on the purpose and scope of the data collection and processing, please refer to the Privacy policy under Personalised product recommendations and surveys.
Type: Customer survey platform
Provider: SaaS.group zenloop GmbH
6.2 Trustpilot
We use the Trustpilot review platform on our website. This service is provided by Trustpilot A/S, Pilestræde 58, 5,1112 Copenhagen, Denmark. If you have given consent to being sent newsletters or have given separate consent for being contacted for feedback, you will receive a request from us or Trustpilot to leave a review on Trustpilot. If there is an exception in accordance with the German Act Against Unfair Competition (UWG), we will send you a request to leave a review on the basis of our legitimate interests. Leaving a review is voluntary. You can find more information about data protection at Trustpilot here:https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.
7. Optimizely
We use the Optimizely service of Optimizely, Inc. (119 5th Ave 7th floor, New York, NY 10003, USA) on our website. This service is used to create and send email campaigns and to analyse them. If you give us your consent to set cookies, we will collect and use information about your purchasing and surfing behaviour in order to send you email product recommendations. Optimizely stores cookies that contain information about your surfing behaviour, browser information and usage data. The cookies are deleted after 12 months at the latest. In order to guarantee the privacy of your data, we have concluded an order processing agreement with Optimizely Inc. as well as the standard contractual clauses for the possible international transfer of data. You can find data protection information on Optimizely at: https://www.optimizely.com/legal/privacy-policy/
8. Your newsletter subscription
Do you want to be kept up-to-date on all things cycling? Our newsletter will send you tips, product & brand launch news and current trends.
We collect your e-mail address when you sign up for our newsletter. This is necessary in order to be able to send you the newsletter. After subscribing, you can voluntarily tell us your first name, date of birth and interests (mountain biking, road biking, gravel biking). In addition to storing the required e-mail address when you sign up for the newsletter, we store the IP address which you used to subscribe, as well as the date and time of registration and confirmation, in order to be able to trace possible misuse at a later date. We also collect information regarding your selected language and the country you are logging in from via your browser.
We use the double opt-in method for sending the newsletter. This means that we will only send you our newsletter by e-mail if you confirm your subscription. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, would like to receive future newsletters. By confirming, you give us your consent according to Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of sending the newsletter as requested.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by e-mail. After unsubscribing, your e-mail address will be immediately deleted from our distribution list, unless you have expressly consented to the continued use of your collected data or if continued data processing is permitted by law.
Our e-mail newsletters are distributed via Optimizely from service provider Episerver GmbH, Wallstraße 16, 10179 Berlin ("Optimizely"), to whom we pass on the data you provided during registration for the purposes of sending the newsletter, displaying interest-based content and anonymised statistical analysis and the reach measurement on our behalf. You will receive our newsletter after you have given your consent via the double opt-in procedure according to art. 6(1)(a) GDPR. In order to fully comply with legal data protection requirements, we have concluded an order processing agreement with Optimizely in accordance with Art. 28 DSGVO. For more information on Optimizely's privacy policy, please visit https://www.optimizely.com/legal/privacy-policy/.
We evaluate the opening/click rates of our newsletters when we send them out. Processing is carried out for statistical analysis purposes, namely how often are newsletters are read as well as the optimisation of our e-mail advertising. We record when you read our newsletter, which browser you use, your IP address and which links you click on in the newsletter. We also use the data from your last purchases to better adapt the newsletter to your interests and make it more relevant for you.
9. What happens with questions submitted via the contact form, email or over the phone
If you have any questions, such as about your order or one of our items, we are always happy to help you via email. You can, of course, also contact us via our contact form.
If you contact us via email or phone, we will only receive the personal data about you that you provide us. The legal basis for this is our legitimate interest in responding to your query (Art. 6(1)(1)(f) GDPR) or fulfilling existing contractual relationships (Art. 6(1)(1)(b) GDPR).
We use Novomind software to process any queries you send via the contact form, chat or email. Everything you need to know about Novomind can be found under point 11 "Novomind".
We use myAgent telephone software to process any queries you make over the phone.
9.1 Contact form
We need you to provide a valid email address so that we can answer your query via the contact form on our website and assign it to you. All other information you provide in order to help us respond more quickly is voluntary. Your data is processed in accordance with Art. 6(1)(1)(b) GDPR (fulfilling existing contractual relationships) or Art. 6(1)(1)(f) GDPR (our legitimate interest in responding to your query). Our contact form is also encrypted so that your data cannot be viewed by third parties.
9.2 Appointment scheduling with Calendly
You have the option to book a consultation appointment on our website. For this, we use the online calendar Calendly. Calendly is a service provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA. Alternatively, you can of course request appointments by phone or email. The appointment booking and data entry take place directly on our Calendly page https://calendly.com/bike-components. You will receive a confirmation email from Calendly. The data you provide during the appointment booking will be stored by us for processing the request and for the purpose of carrying out the appointment. This data will remain with us until you request its deletion or the purpose of data storage no longer applies (e.g. after the appointment has taken place). Mandatory legal provisions, especially retention periods, remain unaffected.
Calendly stores data on servers in the USA and employs subcontractors from the Netherlands and USA. We have concluded an order processing agreement, including the EU Commission's standard contractual clauses, with Calendly. For more information on Calendly's privacy practices, please visit https://calendly.com/privacy.
9.3 Chatbot
On our website, we use the melibo chatbot service by ThinkingTech GmbH & Co. KG (Darmstädter Str. 5, 64625 Bensheim, Germany). When using this service, the following personal data about you will be processed:
- Required connection data (e.g. IP address)
- The content of the conversation conducted via the chatbot
- Background information that the chatbot processes to answer queries
The service will not process personal information about you until you enable the widget by clicking the "Accept" field. By enabling the widget, you give your explicit consent to the processing of your personal data via the chatbot. You can revoke this consent at any time with future effect by closing the chatbot and deleting the cache. Processing is based on your consent in accordance with Art. 6(1)(a) GDPR.
Once your communication with the chatbot has ended, the dialogues are stored in anonymised log files and used to improve the chatbot.
Questions and analysis data are securely transferred via SSL encryption. Furthermore, access is protected by multiple firewalls that prevent unauthorised external access.
Information such as name and email address can be retrieved where necessary from the content of the conversation conducted via the chatbot and stored.
Background information includes a User ID and Session ID. The first time you use the chatbot, you will be assigned a randomly generated User ID. The User ID remains stored in your browser until you delete your browser history. If you want to use the bot again after deleting your browser history, a new, randomly generated User ID is created. If you use the bot again, your browser sends this User ID to the bot. This allows you to continue a previously interrupted conversation with the chatbot at any time. To identify the exact conversation with the chatbot, a randomly generated Session ID is also stored in your browser. This remains during a conversation and is regenerated when a conversation is restarted.
10. myAgent telephone software
We use myAgent telephone software by Unify Software and Solutions GmbH & Co. KG (Otto-Hahn-Ring 6, 81739 Munich, Germany) to process telephone calls. The legal basis for this is our legitimate interest (Art. 6(1)(1)(f) GDPR). If you contact us by telephone, we will receive the following information from you: Date and time, waiting time, talk time, ringing time, call ID and phone number. We do not store any other personal data about you in the software. The data is stored on German servers. We have concluded a data processing agreement with Unify Software and Solutions GmbH & Co. KG in accordance with Art. 28 GDPR. More information about Unify's privacy policy can be found at: https://unify.com/en/privacy-policy.
11. Novomind
We use Novomind software by novomind AG (Bramfelder Chaussee 45, 22177 Hamburg, Germany) to answer queries that we receive via chat, email or other forms. The legal basis for using this software is our legitimate interest in responding to your queries in a fast and comprehensive manner (Art. 6(1)(1)(f) GDPR). We use our own server in Germany to store data. To ensure that your data remains secure during support or maintenance cases through novomind AG, we have concluded a data processing agreement with novomind AG in accordance with Art. 28 GDPR. If you contact us, this transmission is encrypted before being stored automatically in Novomind. The data that you provide us is stored in the process. This data is usually your first name, surname, email address, phone number and customer number, plus the content of the message. We archive all queries we receive after three months. More information about novomind AG's privacy policy can be found at: https://www.novomind.com/en/privacy-policy.
12. What information is stored when you use payment service providers
You can pay us safely in different ways and choose the simplest method for you. We will not share your personal information with third parties unless:
1. It is permitted under law and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes of fulfilling contractual relationships with you. As part of this process, we use the data you provide:
1.1. To process your order.
1.2. To pass the data on to the shipping company responsible for delivery, as far as this is necessary for your goods to be delivered.
1.3. To process payments. For this purpose, we may pass on your payment data to our principal bank.
2. It is necessary to share your personal information in accordance with Art. 6 Para. 1 (1) (f) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding and legitimate interest in your data not being shared in the event that there is a legal obligation to share in accordance with Art. 6 Para. 1 (1) (c) of the GDPR and
3. You have expressly consented to this in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.
4. You select the PayPal payment method. Then we pass on the required data to PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; hereinafter referred to as PayPal). PayPal is run as a bank across the EU. The supervisory authority is the Luxembourg Banking Authority CSSF (Commission de Surveillance du Secteur Financier). The information that we automatically pass on to PayPal for the purposes of your payment transaction is usually first name and surname, street, house number, postcode, city, phone number and the data related to your order within the scope permitted by law.
4.1. If you use PayPal services, PayPal collects the following data from you:
4.1.1. Information on registration and use. If you do not have a PayPal account, you may need to provide your name, address, phone number, email address and other identifying information to set up an account, depending on the services you choose.
4.1.2. Information about transactions and experiences, such as the amount sent or requested, the amount paid for products or services, dealer information, including sources of payment used for the transaction, device information, technical usage data and location data.
4.1.3 Personal data of those participating in the transaction, i.e., data that you provide to PayPal about other participants in connection with the transaction.
4.1.4. All other data collected by PayPal can be found here.
4.2. For credit checking purposes, PayPal will pass your data on to credit agencies. These can also be found here.
5. You select the Amazon Pay method of payment. We will then pass your payment details onto amazon payments Europe s.c.a. as part of the payment process (38 avenue J.F.Kennedy, L-1855 Luxembourg; hereinafter referred to as amazon payments). Data passed to amazon payments is processed by amazon EU SARL, amazon Services Europe SARL and amazon Media EU SARL (all three are located at 38 avenue J.F. Kennedy, L-1855, Luxembourg). We will only share your data in order to process the payment with the payment service provider amazon payments and only if it is necessary.
5.1. Your data will be shared with amazon payments on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
5.2. You have the option to revoke your consent to your data being processed at any time. Your revocation does not affect the effectiveness of previous data processing operations.
5.3. Details on how to pay with amazon payments and their privacy policy can be foundhere.
6. You want to pay with your credit card. For this purpose, we rely on the payment service SIX Payment Services (Europe) S.A. (10, rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg; hereinafter referred to as SIX). If you have chosen this payment method, you will be transferred to the SIX payment page and we will send your data, email address or address, total amount, order date and time as well as order number/invoice number to SIX. Your data will be shared on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
6.1. The data shared shall be stored, processed and used within the scope permitted by law for risk assessment purposes. SIX decides whether the 3D Secure protocol needs to be run on the basis of the outcome of the risk assessment.
6.2. Please note the SIX Privacy Policy.
6.3. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.
7. If you have decided to pay with Klarna, we will pass on the data you provided to Klarna AB (Sveavägen 46,111 34 Stockholm, Sweden; hereinafter referred to as Klarna). Klarna is a provider of Internet-based payment methods, which offers you the invoice (14 days), direct debit and pay now payment methods.
If you decide to pay with Klarna (Klarna checkout solution), we will provide Klarna with the personal data required for processing: first name and surname, address, email address, IP address, telephone number, bank details as well as the data necessary to process the purchase on account such as item number, invoice amount and number of items such as VAT invoices, if applicable.
7.1. You also provide Klarna with personal data directly or indirectly, for example if you choose one of the Klarna payment options, contact Klarna or use the Klarna customer portal. Depending on the Klarna service you are using, you can share the following data:
7.1.1. Address information and contact information: name, date of birth, title, billing and delivery address, email address, mobile phone number
7.1.2. Payment information: debit and credit card details (card number, expiry date and CCV code), invoice data, account number
7.2. Depending on which Klarna services you choose, the following data may be collected:
7.2.1. Personal data and contact information such as name, date of birth, title, billing and delivery address, email address, mobile phone number
7.2.2. Information on goods/services
7.2.3. Financial information such as your income, any credit obligations and negative payment attributes
7.2.4. Historical information such as information about your purchases to date with Klarna, payment history and credit acceptance
7.2.5. Information about the interaction between you and Klarna
7.2.6. Information about the interaction between you and us
7.2.7. Device-related information such as IP address and browser settings
7.2.8. Location-related information such as geographical location
7.3 Klarna is itself responsible for the data received from you pursuant to the GDPR. You can read more about this in the Klarna Privacy Policy: https://www.klarna.com/uk/privacy-notice/ and https://www.klarna.com/sofort/datenschutz/
7.4. Data shall be transferred on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
7.5. The purpose of sharing data is in particular to verify identity, administer payments, prevent fraud and to carry out credit checks. Klarna collects information from credit agencies for the purpose of verifying identity and carrying out credit checks. In Germany, this may involve the following credit agencies:
7.5.1. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden;
7.5.2. Creditreform Boniversum GmbH Hellersbergstraße 11,41460 Neuss;
7.5.3. Deutsche Post Direkt GmbH , Junkersring 57,53844 Troisdorf;
7.5.4. Infoscore Consumer Data GmbH, Rheinstraße 99,76532 Baden-Baden;
7.5.5. Regis 24 GmbH, Wallstraße 58,10719 Berlin;
7.5.6. CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 Munich.
7.6. You can find more information about what the agencies do on the respective information sheets in accordance with Art. 14 of the GDPR:
7.6.1.https://www.schufa.de/en/
7.6.2. https://www.boniversum.de/eu-dsgvo/?lang=en
7.6.3. https://finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf
7.6.4. https://www.regis24.de/
7.6.5. https://www.crifbuergel.de/en/privacy
7.7. Klarna uses the agency ThreatMetrix, Inc. to prevent fraud. (160 W Santa Clara St. Suite 1400, San Jose, California 95113 USA; Processing Notice as PDF).
7.8. As part of the decision to draw up, implement and terminate the contract, Klarna also collects and uses information about your payment history to date and probability values relating to your future behaviour. The credit risk is assessed on the basis of mathematical and statistical processes employed by the credit agency. For this purpose, the personal data necessary for the purposes of the credit check, such as name, address and bank details, is shared with the credit agencies. Data is therefore collected, stored and transferred for the purposes of the credit check in order to avoid a default on payment and on the basis of Art. 6 Para. 1 (1) (b) of the GDPR and of Art. 6 Para. 1 (1) (f) of the GDPR. On the basis of this information, a statistical probability of defaulting on credit and thus your ability to pay is calculated. If the credit check is positive, you can place your order. If the credit check is negative, Klarna will inform you immediately as this means you are not deemed creditworthy.
7.9. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.
7.10. Klarna has a Data Protection Officer and a data protection department. You can contact them at any time by email:datenschutz@klarna.de.
Except in the aforementioned cases, we will not pass your data on to other third parties or use it for advertising purposes other than for the purposes of sending the newsletter to you, to which you will have consented. Bikers' word of honour. If we share your information with the aforementioned third parties, you can be sure that we have carefully selected and explicitly appointed them; they are bound by our instructions and are monitored regularly.
If our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we will inform you in the description of our offer, what the consequences are. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you specified in your order is outside the EEA. In addition, there must be an EU Commission adequacy decision in place for the country concerned. Where data will need to be transmitted in accordance with Art. 46 or Art. 47 or Art. 49 Para. 1 sub-paragraph 2, we will inform you about the consequences as part of our offer. The Commission has adopted adequacy decisions for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, South Korea, Uruguay and the United Kingdom. The Commission's comments on its adequacy decisions can be found here.
Data transfer to the USA is based on the standard contractual clauses (SCC) approved by the EU Commission. The latest standard contractual clauses can be found here.
13. Cookies and analysis services
Cookies are important – as a snack in between meals, but also for the usability of our website and your convenience when shopping in our online shop. You can find out about our cookies and our analysis services by reading our Cookie Policy.
14. Google Consent Mode
We use Google Consent Mode, which is linked to our Google Services. We use it in order to track behaviour on our website and thus to be able to optimise the content for you and to check the success of our advertising campaigns. Of course, personal tracking only takes place if you have given your consent. If you do not give us your consent, a non-personal and cookie-free analysis will take place. In this case, the following categories of data will be processed:
- function-related information (such as headers that have been passively added by the browser)
- aggregated or non-personal data
Data storage and data processing by Google takes place in the European Union, as well as in the USA, if required. We have concluded a data protection agreement with Google.
15. Kameleoon
This website uses the Kameleoon tool from Kameleoon GmbH, Beim Alten Ausbesserungswerk 4, 77654 Offenburg (as the German representative of SAS Kameleoon, 12 rue de la Chaussée d'Antin, 75009 Paris). It is used to carry out A/B tests, to improve user-friendliness by tracking user behaviour and to personalise content. Pseudonymised IDs and cookie IDs are being processed for this purpose. The IP address is anonymised and will not be stored. The legal basis for this use is your consent. Further information can be found in the privacy policy of Kameleoon, https://www.kameleoon.com/en/privacy-policy.
16. You have control over your data
Your data belongs to you and we will be happy to provide you with information about what happens to it. That's why you always have the right:
- under Art. 15 of the GDPR to request information about your data processed by us. In particular, you may request information about:
1. The processing purposes,
2. The categories of data,
3. The categories of recipients to whom the data has been or will be disclosed;
4. The envisaged retention period,
5. Your right to rectification, erasure, restriction of processing or right to object,
6. Your right to lodge a complaint with a regulatory authority,
7. The source of your data if it has not been collected by us,
8. The existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and meaningful information about the logic involved and the significance and envisaged consequences of such processing for you as the data subject,
9. Whether the data relating to you is transferred to a third country or to an international organisation. In that regard, under Art. 46 of the GDPR, you may request to be informed about the appropriate guarantees in connection with the transmission. - under Art. 16 of the GDRP to immediately request that data stored by us be corrected or completed.
- under Art. 17 of the GDPR, you may request, in the following cases, that we delete the data that we have stored about you if:
1. The data concerning you is no longer necessary for the purposes for which we have collected it or processed it in any other way.
2. You are revoking your consent on the basis of which we process your data under Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of the GDPR and there is no other legal basis for processing.
3. You object under Art. 21 Para. 1 of the GDPR to your data being processed and there are no overriding legitimate reasons for processing, or you file an objection under Art. 21 Para. 2 of the GDPR.
4. The data relating to you has been processed illegally.
5. It is necessary to delete data relating to you in order to fulfil a legal obligation under EU law or the law of the Member States to which we as the data controller are subject.
6. The data relating to you has been collected in relation to the services provided by the information society under Art. 8 Para. 1 of the GDPR.
In the event that we as data controller have made your data public and are obliged under Art. 17 Para. 1 of the GDPR to delete the data, we will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the data, that you, as data subject, have requested that they delete all links to this data or copies or replications of this data.
However you shall have no right to deletion should processing be necessary
1. To exercise the right to freedom of expression and information;
2. To fulfil a legal obligation which requires processing under EU law or the law of the Member States to which we are subject, or to carry out a task which is in the public interest or which is carried out as part of exercising public authority which has been entrusted to us;
3. For reasons of public interest in the field of public health under Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of the GDPR;
4. For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Art. 89 Para. 1 of the GDPR, insofar as your right stated under Para. 1 is likely to make the realisation of the objectives of this processing impossible or seriously impair it, or
5. To assert, exercise or defend legal claims.
Under Art. 18 of the GDPR, you may request that restrictions are placed on your personal data being processed if
1. You dispute the accuracy of the data about you for a period of time that allows us to verify that the personal data is accurate;
2. Processing is unlawful and you decline to delete the personal data, instead requesting that restrictions are placed on how the data is used;
3. We no longer need the data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
4. You have filed an objection to processing under Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons for us as data controller outweigh your reasons.
In the event that restrictions have been placed on how data about you is processed, we may only process this data (storing the data aside) with your consent or to assert, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State.
In the event that restricted processing has been restricted in accordance with the above conditions, we will inform you before we remove the restriction;
- under Art. 20 of the GDPR, you may receive your data that you have provided to us in a structured, standard and machine-readable format or request that the data be transferred to another data controller. In addition, you have the right to transfer this data to another data controller without any obstruction by us to whom you have provided the data, provided that
1. Processing is based on consent under Art. 6 Para. 1 (a) of the GDPR or Art. 9 Para. 2 (a) of the GDPR or on a contract under Art. 6 Para. 1 (b) of the GDPR and
2. Processing is carried out by means of automated processes.
In exercising this right, you also have the right to have the data about you transferred directly from us to another data controller, as far as it is technically feasible to do so. The freedoms and rights of other persons must not be affected by this process.
The right to data transfer shall not apply to personal data being processed that is necessary to perform a task which is in the public interest or which is carried out in the exercise of public authority that has been entrusted to us:
- under Art. 7 Para. 3 of the GDPR, you may withdraw your consent at any time. As a result, we will not be permitted to continue processing data based on your consent in future and
- under Art. 77 of the GDPR, you may complain to a regulatory authority. Normally you can contact the regulatory authority for your usual place of residence or workplace or for our company headquarters.
17. Your right to object
What should you do if you no longer want us to process your data? It's your prerogative, just let us know.
If we process your personal data based on legitimate interests under Art. 6 Para. 1 (1) (f) of the GDPR, you have the right under Art. 21 of the GDPR to file an objection to your data being processed, provided there are reasons to do so based on your particular circumstances or you are objecting to direct mail. In the latter scenario, you have a general right to object which we will act on without you needing to state a particular reason. If you would like to use your right to revoke your consent or your right to file an objection, send us an email to info@bike-components.de.
Of course, you can also object to your data being processed for the purposes of advertising and data analysis at any time. All you have to do is send us an email to info@bike-components.de.
18. Your data is safe
Safety and security is important for us, not only when out cycling, but also when processing your data.
To protect against DDoS threats, we use a security solution provided by Akamai Technologies GmbH, Parkring 20, 85748 Garching Germany (hereinafter referred to as "Akamai"). This conforms to our legitimate interest (art. 6(1)(f) GDPR). For this purpose, the following personal data may be processed by Akamai: Log files (IP address, URLs of visited pages, date and time of access, telemetry data: e.g. mouse clicks, motion sequences and associated browser data). Akamai is the recipient of your personal information and acts as a processor for us. As Akamai is an American company and the transfer of data to the USA cannot be ruled out, the standard EU contractual clauses have been concluded with Akamai as an appropriate guarantee. Akamai will retain your personal information for as long as it is necessary for the described purposes (usually 24 hours). More information about Akamai's privacy policy can be found at: https://www.akamai.com/legal/compliance/privacy-trust-center
During your visit to the bc website, we use the popular Secure Socket Layer (SSL) method in conjunction with the highest level of encryption that is supported by your browser. Typically, this will involve 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. The closed padlock or unbroken key icon in the address bar of your browser tells you whether a single page is transmitted in encrypted form.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties. To this end, we continuously improve our security measures in line with technological developments.
19. Validity of this privacy policy
As cyclists, we know how important it is to always keep up to speed, which is why we also like to make sure that we are up to date when it comes to data protection.
This privacy policy is currently valid and is dated october 2023. It may be necessary to change our privacy policy either because we are developing our website or our offers on the website for you or because of changes to legal or regulatory requirements. You can read our current privacy policy on our website at any time or even print it out and display it on your wall https://www.bike-components.de/en/data-privacy/.
We fully appreciate that this is a lot of information to take in and that some of the wording may be difficult to understand. So if you have any questions about our privacy policy or general questions about data protection at bc, please feel free to contact me by email: datenschutz@bike-components.de.