11. What information is stored when you use payment service providers
You can pay us safely in different ways and choose the simplest method for you. We will not share your personal information with third parties unless:
1. It is permitted under law and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes of fulfilling contractual relationships with you. As part of this process, we use the data you provide:
1.1. To process your order.
1.2. To pass the data on to the shipping company responsible for delivery, as far as this is necessary for your goods to be delivered.
1.3. To process payments. For this purpose, we may pass on your payment data to our principal bank.
2. It is necessary to share your personal information in accordance with Art. 6 Para. 1 (1) (f) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding and legitimate interest in your data not being shared in the event that there is a legal obligation to share in accordance with Art. 6 Para. 1 (1) (c) of the GDPR and
3. You have expressly consented to this in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.
4. You select the PayPal payment method. Then we pass on the required data to PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; hereinafter referred to as PayPal). PayPal is run as a bank across the EU. The supervisory authority is the Luxembourg Banking Authority CSSF (Commission de Surveillance du Secteur Financier). The information that we automatically pass on to PayPal for the purposes of your payment transaction is usually first name and surname, street, house number, postcode, city, phone number and the data related to your order within the scope permitted by law.
4.1. If you use PayPal services, PayPal collects the following data from you:
4.1.1. Information on registration and use. If you do not have a PayPal account, you may need to provide your name, address, phone number, email address and other identifying information to set up an account, depending on the services you choose.
4.1.2. Information about transactions and experiences, such as the amount sent or requested, the amount paid for products or services, dealer information, including sources of payment used for the transaction, device information, technical usage data and location data.
4.1.3 Personal data of those participating in the transaction, i.e., data that you provide to PayPal about other participants in connection with the transaction.
4.1.4. All other data collected by PayPal can be found here.
4.2. For credit checking purposes, PayPal will pass your data on to credit agencies. These can also be found here.
5. You select the Amazon Pay method of payment. We will then pass your payment details onto amazon payments Europe s.c.a. as part of the payment process (38 avenue J.F.Kennedy, L-1855 Luxembourg; hereinafter referred to as amazon payments). Data passed to amazon payments is processed by amazon EU SARL, amazon Services Europe SARL and amazon Media EU SARL (all three are located at 38 avenue J.F. Kennedy, L-1855, Luxembourg). We will only share your data in order to process the payment with the payment service provider amazon payments and only if it is necessary.
5.1. Your data will be shared with amazon payments on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
5.2. You have the option to revoke your consent to your data being processed at any time. Your revocation does not affect the effectiveness of previous data processing operations.
6. You want to pay with your credit card. For this purpose, we rely on the payment service SIX Payment Services (Europe) S.A. (10, rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg; hereinafter referred to as SIX). If you have chosen this payment method, you will be transferred to the SIX payment page and we will send your data, email address or address, total amount, order date and time as well as order number/invoice number to SIX. Your data will be shared on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
6.1. The data shared shall be stored, processed and used within the scope permitted by law for risk assessment purposes. SIX decides whether the 3D Secure protocol needs to be run on the basis of the outcome of the risk assessment.
6.3. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.
7. If you have decided to pay with Klarna, we will pass on the data you provided to Klarna AB (Sveavägen 46,111 34 Stockholm, Sweden; hereinafter referred to as Klarna). Klarna is a provider of Internet-based payment methods, which offers you the invoice (14 days), direct debit and pay now payment methods.
If you decide to pay with Klarna (Klarna checkout solution), we will provide Klarna with the personal data required for processing: first name and surname, address, email address, IP address, telephone number, bank details as well as the data necessary to process the purchase on account such as item number, invoice amount and number of items such as VAT invoices, if applicable.
7.1. You also provide Klarna with personal data directly or indirectly, for example if you choose one of the Klarna payment options, contact Klarna or use the Klarna customer portal. Depending on the Klarna service you are using, you can share the following data:
7.1.1. Address information and contact information: name, date of birth, title, billing and delivery address, email address, mobile phone number
7.1.2. Payment information: debit and credit card details (card number, expiry date and CCV code), invoice data, account number
7.2. Depending on which Klarna services you choose, the following data may be collected:
7.2.1. Personal data and contact information such as name, date of birth, title, billing and delivery address, email address, mobile phone number
7.2.2. Information on goods/services
7.2.3. Financial information such as your income, any credit obligations and negative payment attributes
7.2.4. Historical information such as information about your purchases to date with Klarna, payment history and credit acceptance
7.2.5. Information about the interaction between you and Klarna
7.2.6. Information about the interaction between you and us
7.2.7. Device-related information such as IP address and browser settings
7.2.8. Location-related information such as geographical location
7.4. Data shall be transferred on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
7.5. The purpose of sharing data is in particular to verify identity, administer payments, prevent fraud and to carry out credit checks. Klarna collects information from credit agencies for the purpose of verifying identity and carrying out credit checks. In Germany, this may involve the following credit agencies:
7.5.1. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden;
7.5.2. Creditreform Boniversum GmbH Hellersbergstraße 11,41460 Neuss;
7.5.3. Deutsche Post Direkt GmbH , Junkersring 57,53844 Troisdorf;
7.5.4. Infoscore Consumer Data GmbH, Rheinstraße 99,76532 Baden-Baden;
7.5.5. Regis 24 GmbH, Wallstraße 58,10719 Berlin;
7.5.6. CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 Munich.
7.6. You can find more information about what the agencies do on the respective information sheets in accordance with Art. 14 of the GDPR:
7.7. Klarna uses the agency ThreatMetrix, Inc. to prevent fraud. (160 W Santa Clara St. Suite 1400, San Jose, California 95113 USA; Processing Notice as PDF).
7.8. As part of the decision to draw up, implement and terminate the contract, Klarna also collects and uses information about your payment history to date and probability values relating to your future behaviour. The credit risk is assessed on the basis of mathematical and statistical processes employed by the credit agency. For this purpose, the personal data necessary for the purposes of the credit check, such as name, address and bank details, is shared with the credit agencies. Data is therefore collected, stored and transferred for the purposes of the credit check in order to avoid a default on payment and on the basis of Art. 6 Para. 1 (1) (b) of the GDPR and of Art. 6 Para. 1 (1) (f) of the GDPR. On the basis of this information, a statistical probability of defaulting on credit and thus your ability to pay is calculated. If the credit check is positive, you can place your order. If the credit check is negative, Klarna will inform you immediately as this means you are not deemed creditworthy.
7.9. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.
7.10. Klarna has a Data Protection Officer and a data protection department. You can contact them at any time by email:firstname.lastname@example.org.
Except in the aforementioned cases, we will not pass your data on to other third parties or use it for advertising purposes other than for the purposes of sending the newsletter to you, to which you will have consented. Bikers' word of honour. If we share your information with the aforementioned third parties, you can be sure that we have carefully selected and explicitly appointed them; they are bound by our instructions and are monitored regularly.
If our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we will inform you in the description of our offer, what the consequences are. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you specified in your order is outside the EEA. In addition, there must be an EU Commission adequacy decision in place for the country concerned. Where data will need to be transmitted in accordance with Art. 46 or Art. 47 or Art. 49 Para. 1 sub-paragraph 2, we will inform you about the consequences as part of our offer. The Commission has adopted adequacy decisions for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, South Korea, Uruguay and the United Kingdom. The Commission's comments on its adequacy decisions can be found here.
Data transfer to the USA is based on the standard contractual clauses (SCC) approved by the EU Commission. The latest standard contractual clauses can be found here.