1. Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by:
Data Controller: bc GmbH & Co. KG (hereinafter: bc),
Carlo-Schmid-Strasse 12, 52146 Würselen, Germany
Phone: +49 (0) 2405 / 450045
Fax: +49 (0) 2405 / 450046
Trade Register Aachen HRA6179
VAT no. DE191317292
bc Verwaltungs GmbH
Trade Register Aachen HRB21024
Marcus Wenkel, Klaus Hoenig, Philipp Simon
The company data protection officer for bc is Mr Stefan Sippel. He can be contacted at the above address, F.A.O. Mr Stefan Sippel, or at firstname.lastname@example.org.
2. Collection and storage of personal data as well as the nature and purpose of its use when visiting our website
When you visit our website www.bike-components.de, the browser used on your device automatically sends information to our website server. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- The website from which access takes place (referrer URL)
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the aforementioned data for the following purposes:
- To guarantee a smooth connection to the website
- To guarantee comfortable use of our website
- To evaluate system security and stability
- For other administrative purposes
The legal basis for the data processing is Art. 6(1)(1)(f) GDPR (General Data Protection Regulation). Our legitimate interest is derived from the purposes listed above for the collection of data. We will not use the data collected to draw conclusions about you under any circumstances.
3. Collection and storage of personal data as well as the nature and purpose of its use upon registration
Upon registration, we will save the information that we have listed under 2. in addition to
- Date and time of registration
- First name, last name
Our General Terms and Conditions valid at this time will also be stored. Our registration form is encrypted to ensure that the data entered in it cannot be viewed by third parties. You have the option to change your registration data at any time.
We store this data in order to give you the possibility to place orders and to access your order data at any time. The ordering data includes: your orders, your account data, your address book, your password, your newsletter subscription, your user data and your reviews.
The data is processed at your request and is required for the purposes stated for the appropriate processing of your orders and subscriptions and for the mutual fulfilment of obligations under the order agreements in accordance with Art. 6(1)(1)(b) GDPR.
If you have entered into a contract with us for the order of goods, the length of time for which your data is stored depends on the explanations below for 4. - Online order. If you have not placed an order, we will store your registration data for a reasonable period of time within which an order can be expected after registration, but no longer than three months.
4. Collection and storage of personal data as well as the nature and purpose of its use when ordering online
You can place an online order only once you have completed the registration process. We therefore store the information listed under 2. and 3. Our order form is encrypted to ensure that the data entered in it cannot be viewed by third parties. When you place an order, we collect the following additional information:
- Title, first name, last name
- Email address
- Phone number (if specified)
- Date and time of order
- Ordered goods
- Payment details
We also store the wording of the contract and our General Terms and Conditions applicable at the time of conclusion of the contract.
This data is collected:
- To identify you as our customer
- To deliver the ordered goods to you and to fulfil the contract
- For invoicing
- To settle the payment claims and assert any other claims against you
- For correspondence with you
- The data is processed at your request and is required for the purposes stated for the mutual fulfilment of obligations under the purchase contract in accordance with Art. 6(1)(1)(b) GDPR.
The personal data collected by us for the settlement of the purchase contract shall be stored until the statutory period of limitation expires (3 years after the end of the calendar year in which the claim arose and the creditor has become aware of the circumstances substantiating the claim and the person of the debtor or has had to obtain knowledge of it without gross negligence, Section 199(1) of the German Civil Code, (BGB)) and subsequently deleted, unless we are obligated to store it for longer in accordance with Art. 6(1)(1)(c) GDPR due to statutory and commercial legal storage and documentation obligations (from the German Commercial Code (HGB), the German Criminal Code (StGB) or General Fiscal Law (AO)) or you have consented for it to be stored for longer in accordance with Art. 6(1)(1)(a) GDPR.
5. Collection and storage of personal data as well as the nature and purpose of its use when registering for our newsletter
Provided you have given express consent in accordance with Art. 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter regularly. An email address is sufficient to receive the newsletter. You can unsubscribe at any time, for example using a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe by email to email@example.com.
6. Collection and storage of personal data as well as the nature and purpose of its use when using our contact form
If you have any questions, we give you the option to contact us via a form provided on the website. A valid email address is required to tell us who the request is from and to enable us to respond to it. Further information may be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(1)(a) GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the inquiry you have made. Our contact form is encrypted to ensure that the data entered in it cannot be viewed by third parties.
7. Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only transfer your personal data to third parties, if:
- This is permitted by law and is required for the execution of contractual relations with you in accordance with Art. 6(1)(b) GDPR. We use the data you provide:
- To fulfil and process your order
- For transfer to the shipping company contracted with delivery to the extent necessary to deliver the goods
- To process payments. If necessary, we will share your payment details with our bank;
- The transfer in accordance with Art. 6(1)(f) GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding vested interest in the non-disclosure of your data, in the event that there is a legal obligation to transfer data in accordance with Art. 6(1)(c) GDPR, and
- You have given your explicit consent to do so in accordance with Art. 6(1)(a) GDPR, such as when making an application for paying in instalments (hire purchase), for example. When submitting the application for a hire purchase agreement, you give your consent for your data to be transferred to PayPal for a credit check. In order to carry out the credit check, your previously collected data (first name and surname, house number, street name, postcode, city of residence, date of birth, telephone number and the data collected in relation to placing your order) is stored, processed and used to the extent that is legally permissible. You give consent for this data to be transferred to PayPal for the purpose of carrying out the credit check.
- You select the payment method Amazon Pay. As part of the process for handling your payment, we will transfer your payment information to Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, 1855 Luxembourg. The data processors of data transferred to Amazon Payments Europe S.C.A. are Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three of which are located at 38 avenue J.F. Kennedy, 1855 Luxembourg. We will transfer your data solely for the purpose of processing your payment with the payment service provider Amazon Payments and only to the extent required for this purpose. Your data is transferred to Amazon Payments on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
- Details on making payments through Amazon Pay and its privacy notice can be found online at: https://pay.amazon.com/uk/help/201751600.
- You select to pay with a credit card. In this case, the payment service provider is SIX Payment Services (Europe) S.A., 10 rue Gabriel Lippmann, 5365 Munsbach, Luxembourg, (hereinafter referred to as: "SIX"). If you have opted for this payment method, you will be forwarded to the SIX payment page. Your personal data, email address or postal address, total payment amount, date and time of the order and order number / invoice number will be transferred to SIX. Your data is transferred on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). As part of the risk assessment process, the transferred data is stored, processed and used to the extent that is legally permissible. SIX makes a decision based on the result of the risk assessment as to whether or not the 3DSecure process must be carried out. Please observe the respective privacy statements of SIX at (www.six-payment-services.com/en/services/legal/privacy-statement.html). You are able to withdraw your consent at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
- If you have chosen Klarna as your payment service provider, we will pass on the data listed below to Klarna AB, Sveavägen 46,111 34 Stockholm, Sweden ("Klarna"). Klarna is a provider of Internet-based payment methods. These payment methods are invoice - 14 days, direct debit and immediate purchase. If you decide to pay with Klarna, the so-called Klarna checkout solution, we will provide Klarna with the personal data that Klarna needs in order to offer the services. These are your first and last name, your given address, your email address, your IP address, your telephone number, bank data as well as the data necessary for the processing of the invoice purchase such as product number, invoice amount and number of products such as VAT invoices if applicable.
You also communicate your personal data directly or indirectly to Klarna, for example if you choose one of Klarna's payment methods, contact Klarna or use Klarna's customer portal. Depending on which Klarna service you use, you can release the following data to Klarna:
- Address data and contact information: Name, date of birth, title, billing and delivery address, email address, mobile phone number
- Payment information: Debit and credit card data (card number, expiration date and CCV code) invoice data, account number.
Depending on which Klarna services you choose, the following data may be collected:
- Personal data and contact information such as name, date of birth, title, billing and delivery address, email address, mobile phone number
- Information about goods/services
- Financial information such as information about your income, any credit obligations and negative payment terms
- Historical information such as information about your previous purchases with Klarna, payment history dealing with credit acceptance
- Information about the interaction between you and Klarna
- Information about the interaction between you and us
- Device-related information such as IP address, browser settings, etc
- Location-related information such as geographical location
The data is transferred on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract)
The transmission of the data serves in particular the identity check, the payment administration, fraud prevention and execution of the credit assessment. Klarna obtains information from credit agencies for the purpose of identity checking - in credit checks
In Germany, these can be the following credit agencies:
- SCHUFA Holding AG, Kormoranweg 5,65201 Wiesbaden;
- Creditreform Boniversum GmbH Hellersbergstraße 11,41460 Neuss;
- Deutsche Post Direkt GmbH, Junkersring 57.53844 Troisdorf;
- Infoscore Consumer Data GmbH, Rheinstraße 99,76532 Baden-Baden;
- Regis 24 GmbH, Wallstraße 58,10719 Berlin;
- CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 München.
Further information on the activities of the respective credit agencies can be found in the respective information sheets pursuant to Art. 14 GDPR:
To prevent fraud Klarna uses the agency ThreatMetrix, Inc. 160 W Santa Clara St. Suite 1400, Sasn Jose, California 95113 USA (fraud prevention) https://www.threatmetrix.com/processing-notice/
Klarna also collects and uses information on the buyer's previous payment behaviour and probability values for this behaviour in the future as part of the decision on the establishment, execution and termination of the contractual relationship. The credit risk is assessed on the basis of mathematical and statistical procedures carried out by the credit agency. For this purpose, the personal data necessary for the credit assessment, such as name, address, bank data, are transferred to the credit agencies. The collection, storage and transfer is therefore carried out for the purpose of credit assessment to avoid default and on the basis of Art. 6(1)(1)(b) GDPR and Art. 6(1)(1)(f) GDPR. On the basis of this information, a statistical probability of a loan default and thus your solvency is calculated. If the credit check is positive, an order is possible. If the credit check is negative, Klarna will inform you immediately, your creditworthiness is then not given.
You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
Klarna has a data protection officer and a data protection department. You can contact Klarna’s data protection team at any time by email at firstname.lastname@example.org
Your personal data will not be transferred to other third parties for any other purposes nor will it be used for advertising purposes other than for sending newsletters to which you have opted in. Where we transfer your data to third parties as stated above, these third parties have been carefully selected and commissioned by us, are bound by our instructions and are checked on a regular basis.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you have indicated in your order is outside the EEA. We will transfer your data to service providers or partners outside the EEA if an adequacy decision for the respective country has been adopted by the Commission. In the event that data is transferred according to Art. 46, Art. 47 or Art. 49(1)(2) we will inform you about the consequences of this fact in the offer. Adequacy decisions have been adopted by the Commission for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, USA (restricted to the Privacy Shield framework). Information from the Commission regarding the adequacy decisions can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Information and explanations regarding the EU-US Privacy Shield can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
We use the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a)
- Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These store a session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can configure your browser settings in accordance with your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website if you do so.
Facebook pixel advanced matching
We also use Facebook pixels. The provider is Facebook Inc., 1601 S California Avenue AVE, Palo Alto, California 94304 USA or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; information on data collection: https://www.facebook.com/policy.php; more information on data processing: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications as well as https://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European Data Protection Law.
The Facebook pixel allows us to improve our website and make it more interesting for you as a user. The legal basis for its use is Art. 6(1)(1)(f) GDPR. When you visit our website, the Facebook pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or log in to our site, the visit to our website will be noted in your profile. The Facebook pixel captures the following types of data:
- HTTP headers – Everything contained in HTTP headers. HTTP headers are a standard web protocol that is sent between the browser request and server on the Internet. HTTP headers contain IP addresses, information on the web browser, site location, document, referrer and the visitors to the website.
- Pixel-specific data – This includes the pixel ID and the Facebook cookie.
- Button-click data – This includes any buttons clicked by the website visitor, the labels on these buttons and any pages accessed as a result of clicking on the button.
- Optional values – Conversion values, page types
- Form field names – These include the names of website fields, such as "Address" and "Quantity" that are filled out when you purchase a product or service. The pixel does not capture field values.
We also use the "advanced matching" access function. This feature allows customer data such as first name, last name, email address, telephone number or Facebook IDs to be transmitted to Facebook and enhanced using existing tracking data. If you are registered with a service from Facebook, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that your IP address and other identifying features will be learned and stored. You can find further information on advanced matching at: https://www.facebook.com/business/help/611774685654668.
We have no influence on the extent and further use of the data collected by Facebook and therefore inform you in accordance with our knowledge.
You can object to collection by the Facebook pixel. You can also choose which types of ads you see within Facebook. To do this, you must go to the page set up by Facebook for this purpose and follow the instructions for setting usage-based advertising: https://www.facebook.com/settings?tab=ads. You can also object to its use by following the opt-out procedure: