Data Protection

1. Name and contact details of the data controller and the company data protection officer

This data protection information applies to data processing by:

Data Controller: bc GmbH & Co. KG (hereinafter: bc),
Carlo-Schmid-Strasse 12, 52146 Würselen, Germany
Email: info@bike-components.de
Phone: +49 (0) 2405 / 450045
Fax: +49 (0) 2405 / 450046

Trade Register Aachen HRA6179
VAT no. DE191317292

General Partner:
bc Verwaltungs GmbH
Headquarters: Würselen
Trade Register Aachen HRB21024
Management:
Marcus Wenkel, Klaus Hoenig, Philipp Simon

The company data protection officer for bc is Mr Stefan Sippel. He can be contacted at the above address, F.A.O. Mr Stefan Sippel, or at datenschutz@bike-components.de.

2. Collection and storage of personal data as well as the nature and purpose of its use when visiting our website

When you visit our website www.bike-components.de, the browser used on your device automatically sends information to our website server. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • The website from which access takes place (referrer URL)
  • The browser used and, if applicable, the operating system of your computer as well as the name of your access provider

We process the aforementioned data for the following purposes:

  • To guarantee a smooth connection to the website
  • To guarantee comfortable use of our website
  • To evaluate system security and stability
  • For other administrative purposes

The legal basis for the data processing is Art. 6(1)(1)(f) GDPR (General Data Protection Regulation). Our legitimate interest is derived from the purposes listed above for the collection of data. We will not use the data collected to draw conclusions about you under any circumstances.

In addition, we use cookies and analysis services when you visit our website. For more information, please see Clauses 8 and 9 of this Privacy Policy.

3. Collection and storage of personal data as well as the nature and purpose of its use upon registration

Upon registration, we will save the information that we have listed under 2. in addition to

  • Date and time of registration
  • First name, last name
  • Email
  • Password

Our General Terms and Conditions valid at this time will also be stored. Our registration form is encrypted to ensure that the data entered in it cannot be viewed by third parties. You have the option to change your registration data at any time.

We store this data in order to give you the possibility to place orders and to access your order data at any time. The ordering data includes: your orders, your account data, your address book, your password, your newsletter subscription, your user data and your reviews.

The data is processed at your request and is required for the purposes stated for the appropriate processing of your orders and subscriptions and for the mutual fulfilment of obligations under the order agreements in accordance with Art. 6(1)(1)(b) GDPR.

If you have entered into a contract with us for the order of goods, the length of time for which your data is stored depends on the explanations below for 4. - Online order. If you have not placed an order, we will store your registration data for a reasonable period of time within which an order can be expected after registration, but no longer than three months.

4. Collection and storage of personal data as well as the nature and purpose of its use when ordering online

You can place an online order only once you have completed the registration process. We therefore store the information listed under 2. and 3. Our order form is encrypted to ensure that the data entered in it cannot be viewed by third parties. When you place an order, we collect the following additional information:

  • Title, first name, last name
  • Email address
  • Address
  • Phone number (if specified)
  • Date and time of order
  • Ordered goods
  • Payment details

We also store the wording of the contract and our General Terms and Conditions applicable at the time of conclusion of the contract.

This data is collected:

  • To identify you as our customer
  • To deliver the ordered goods to you and to fulfil the contract
  • For invoicing
  • To settle the payment claims and assert any other claims against you
  • For correspondence with you
  • The data is processed at your request and is required for the purposes stated for the mutual fulfilment of obligations under the purchase contract in accordance with Art. 6(1)(1)(b) GDPR.

The personal data collected by us for the settlement of the purchase contract shall be stored until the statutory period of limitation expires (3 years after the end of the calendar year in which the claim arose and the creditor has become aware of the circumstances substantiating the claim and the person of the debtor or has had to obtain knowledge of it without gross negligence, Section 199(1) of the German Civil Code, (BGB)) and subsequently deleted, unless we are obligated to store it for longer in accordance with Art. 6(1)(1)(c) GDPR due to statutory and commercial legal storage and documentation obligations (from the German Commercial Code (HGB), the German Criminal Code (StGB) or General Fiscal Law (AO)) or you have consented for it to be stored for longer in accordance with Art. 6(1)(1)(a) GDPR.

5. Collection and storage of personal data as well as the nature and purpose of its use when registering for our newsletter

Provided you have given express consent in accordance with Art. 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter regularly. An email address is sufficient to receive the newsletter. You can unsubscribe at any time, for example using a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe by email to info@bike-components.de.

6. Collection and storage of personal data as well as the nature and purpose of its use when using our contact form

If you have any questions, we give you the option to contact us via a form provided on the website. A valid email address is required to tell us who the request is from and to enable us to respond to it. Further information may be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(1)(a) GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the inquiry you have made. Our contact form is encrypted to ensure that the data entered in it cannot be viewed by third parties.

7. Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only transfer your personal data to third parties, if:

  • This is permitted by law and is required for the execution of contractual relations with you in accordance with Art. 6(1)(b) GDPR. We use the data you provide:
  1. To fulfil and process your order
  2. For transfer to the shipping company contracted with delivery to the extent necessary to deliver the goods
  3. To process payments. If necessary, we will share your payment details with our bank;
  •  The transfer in accordance with Art. 6(1)(f) GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding vested interest in the non-disclosure of your data, in the event that there is a legal obligation to transfer data in accordance with Art. 6(1)(c) GDPR, and
  • You have given your explicit consent to do so in accordance with Art. 6(1)(a) GDPR, such as when making an application for paying in instalments (hire purchase), for example. When submitting the application for a hire purchase agreement, you give your consent for your data to be transferred to PayPal for a credit check. In order to carry out the credit check, your previously collected data (first name and surname, house number, street name, postcode, city of residence, date of birth, telephone number and the data collected in relation to placing your order) is stored, processed and used to the extent that is legally permissible. You give consent for this data to be transferred to PayPal for the purpose of carrying out the credit check.
  • You select the payment method Amazon Pay. As part of the process for handling your payment, we will transfer your payment information to Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, 1855 Luxembourg. The data processors of data transferred to Amazon Payments Europe S.C.A. are Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three of which are located at 38 avenue J.F. Kennedy, 1855 Luxembourg. We will transfer your data solely for the purpose of processing your payment with the payment service provider Amazon Payments and only to the extent required for this purpose. Your data is transferred to Amazon Payments on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
  • Details on making payments through Amazon Pay and its privacy notice can be found online at: https://pay.amazon.com/uk/help/201751600.
  • You select to pay with a credit card. In this case, the payment service provider is SIX Payment Services (Europe) S.A., 10 rue Gabriel Lippmann, 5365 Munsbach, Luxembourg, (hereinafter referred to as: "SIX"). If you have opted for this payment method, you will be forwarded to the SIX payment page. Your personal data, email address or postal address, total payment amount, date and time of the order and order number / invoice number will be transferred to SIX. Your data is transferred on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract). As part of the risk assessment process, the transferred data is stored, processed and used to the extent that is legally permissible. SIX makes a decision based on the result of the risk assessment as to whether or not the 3DSecure process must be carried out. Please observe the respective privacy statements of SIX at (www.six-payment-services.com/en/services/legal/privacy-statement.html). You are able to withdraw your consent at any time. Withdrawing your consent does not affect the validity of prior data processing operations.
  • If you have chosen Klarna as your payment service provider, we will pass on the data listed below to Klarna AB, Sveavägen 46,111 34 Stockholm, Sweden ("Klarna").  Klarna is a provider of Internet-based payment methods. These payment methods are invoice - 14 days, direct debit and immediate purchase. If you decide to pay with Klarna, the so-called Klarna checkout solution, we will provide Klarna with the personal data that Klarna needs in order to offer the services. These are your first and last name, your given address, your email address, your IP address, your telephone number, bank data as well as the data necessary for the processing of the invoice purchase such as product number, invoice amount and number of products such as VAT invoices if applicable.

    You also communicate your personal data directly or indirectly to Klarna, for example if you choose one of Klarna's payment methods, contact Klarna or use Klarna's customer portal. Depending on which Klarna service you use, you can release the following data to Klarna:

    - Address data and contact information: Name, date of birth, title, billing and delivery address, email address, mobile phone number
    - Payment information: Debit and credit card data (card number, expiration date and CCV code) invoice data, account number.

    Depending on which Klarna services you choose, the following data may be collected:

    - Personal data and contact information such as name, date of birth, title, billing and delivery address, email address, mobile phone number
    - Information about goods/services
    - Financial information such as information about your income, any credit obligations and negative payment terms
    - Historical information such as information about your previous purchases with Klarna, payment history dealing with credit acceptance
    - Information about the interaction between you and Klarna
    - Information about the interaction between you and us
    - Device-related information such as IP address, browser settings, etc
    - Location-related information such as geographical location

    Klarna is itself responsible for the data you provide us with in accordance with the Basic Data Protection Regulation. Details can be found in Klarna's privacy policy here https://www.klarna.com/de/datenschutz/ and https://www.klarna.com/sofort/datenschutz/ (German links)

    The data is transferred on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the performance of a contract)

    The transmission of the data serves in particular the identity check, the payment administration, fraud prevention and execution of the credit assessment. Klarna obtains information from credit agencies for the purpose of identity checking - in credit checks

    In Germany, these can be the following credit agencies:

    - SCHUFA Holding AG, Kormoranweg 5,65201 Wiesbaden;
    - Creditreform Boniversum GmbH Hellersbergstraße 11,41460 Neuss;
    - Deutsche Post Direkt GmbH, Junkersring 57.53844 Troisdorf;
    - Infoscore Consumer Data GmbH, Rheinstraße 99,76532 Baden-Baden;
    - Regis 24 GmbH, Wallstraße 58,10719 Berlin;
    - CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 München.

    Further information on the activities of the respective credit agencies can be found in the respective information sheets pursuant to Art. 14 GDPR:

    - https://www.schufa.de/en/data-privacy/
    https://www.boniversum.de/eu-dsgvo/?lang=en
    - https://finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf
    - https://www.regis24.de
    - https://www.crifbuergel.de/en/privacy

    To prevent fraud Klarna uses the agency ThreatMetrix, Inc. 160 W Santa Clara St. Suite 1400, Sasn Jose, California 95113 USA (fraud prevention) https://www.threatmetrix.com/processing-notice/

    Klarna also collects and uses information on the buyer's previous payment behaviour and probability values for this behaviour in the future as part of the decision on the establishment, execution and termination of the contractual relationship. The credit risk is assessed on the basis of mathematical and statistical procedures carried out by the credit agency. For this purpose, the personal data necessary for the credit assessment, such as name, address, bank data, are transferred to the credit agencies. The collection, storage and transfer is therefore carried out for the purpose of credit assessment to avoid default and on the basis of Art. 6(1)(1)(b) GDPR and Art. 6(1)(1)(f) GDPR. On the basis of this information, a statistical probability of a loan default and thus your solvency is calculated. If the credit check is positive, an order is possible. If the credit check is negative, Klarna will inform you immediately, your creditworthiness is then not given.

    You are able to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the validity of prior data processing operations.

    Klarna has a data protection officer and a data protection department. You can contact Klarna’s data protection team at any time by email at datenschutz@klarna.de

Your personal data will not be transferred to other third parties for any other purposes nor will it be used for advertising purposes other than for sending newsletters to which you have opted in. Where we transfer your data to third parties as stated above, these third parties have been carefully selected and commissioned by us, are bound by our instructions and are checked on a regular basis.

If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you have indicated in your order is outside the EEA. We will transfer your data to service providers or partners outside the EEA if an adequacy decision for the respective country has been adopted by the Commission. In the event that data is transferred according to Art. 46, Art. 47 or Art. 49(1)(2) we will inform you about the consequences of this fact in the offer. Adequacy decisions have been adopted by the Commission for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, USA (restricted to the Privacy Shield framework). Information from the Commission regarding the adequacy decisions can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Information and explanations regarding the EU-US Privacy Shield can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en

8. Cookies

We use cookies to design and optimise our website. Cookies are small text files that are stored on your hard disk and are assigned to the browser you are using and through which the entity that sets the cookie (here econda GmbH (http://www.econda.de) receives certain information. Cookies cannot run programs or transfer viruses to your computer. They are used to make the Internet service more user-friendly and effective overall.

Our website also includes cookies from Klarna. Klarna uses cookies to optimise the use of the Klarna - Check-Out solution. The optimisation of the check-out solution solution thus represents a legitimate interest under Art. 6(1)(f) GDPR. You can read more about the cookie usage of Klarna here https://www.klarna.com/de/cookies (German) and https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf (German)

We use the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (see a)
  • Persistent cookies (see b)

a) Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These store a session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

You can configure your browser settings in accordance with your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website if you do so.

We use cookies to identify you for follow-up visits. For the design and optimisation of this website, anonymised data is collected and stored using solutions and technologies from econda GmbH (http://www.econda.de), and usage profiles are created from this data under pseudonyms. For this purpose, we use cookies that enable an Internet browser to be recognised. However, user profiles are not merged with data about the holder of the pseudonym without the explicit consent of the visitor. In particular, IP addresses are made unrecognisable immediately after input, which makes it impossible to assign user profiles to IP addresses. Visitors to this website may opt out of this data collection and storage for the future here at any time: Opt-Out.

This website uses services provided by brytes GmbH (https://www.brytes.de; Am Rombergpark 31a, 44225 Dortmund, Germany) for the purpose of designing and optimising this website. The data collected for this purpose is stored anonymously and used to derive pseudonymised behaviour. In the course of this procedure, we use cookies. Usage and behaviour data is not merged with personal master data without consent, but is viewed exclusively anonymously. As part of the anonymisation process, IP addresses are also made unrecognisable. You can object to this type of data collection and processing here.

Facebook pixel advanced matching

We also use Facebook pixels. The provider is Facebook Inc., 1601 S California Avenue AVE, Palo Alto, California 94304 USA or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; information on data collection: https://www.facebook.com/policy.php; more information on data processing: https://www.facebook.com/help/186325668085084https://www.facebook.com/about/privacy/your-info-on-other#applications as well as https://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European Data Protection Law.

The Facebook pixel allows us to improve our website and make it more interesting for you as a user. The legal basis for its use is Art. 6(1)(1)(f) GDPR. When you visit our website, the Facebook pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or log in to our site, the visit to our website will be noted in your profile. The Facebook pixel captures the following types of data:

  • HTTP headers – Everything contained in HTTP headers. HTTP headers are a standard web protocol that is sent between the browser request and server on the Internet. HTTP headers contain IP addresses, information on the web browser, site location, document, referrer and the visitors to the website.
  • Pixel-specific data – This includes the pixel ID and the Facebook cookie.
  • Button-click data – This includes any buttons clicked by the website visitor, the labels on these buttons and any pages accessed as a result of clicking on the button.
  • Optional values – Conversion values, page types
  • Form field names – These include the names of website fields, such as "Address" and "Quantity" that are filled out when you purchase a product or service. The pixel does not capture field values.

We also use the "advanced matching" access function. This feature allows customer data such as first name, last name, email address, telephone number or Facebook IDs to be transmitted to Facebook and enhanced using existing tracking data. If you are registered with a service from Facebook, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that your IP address and other identifying features will be learned and stored. You can find further information on advanced matching at: https://www.facebook.com/business/help/611774685654668.

We have no influence on the extent and further use of the data collected by Facebook and therefore inform you in accordance with our knowledge.

You can object to collection by the Facebook pixel. You can also choose which types of ads you see within Facebook. To do this, you must go to the page set up by Facebook for this purpose and follow the instructions for setting usage-based advertising: https://www.facebook.com/settings?tab=ads. You can also object to its use by following the opt-out procedure:

 

The data processed by cookies is required for the purposes stated for the protection of our legitimate interests as well as of third parties in accordance with Art. 6(1)(1)(f) GDPR.

9. Analysis tools

Tracking tools

The tracking measures listed below and used by us are performed on the basis of Art. 6(1)(1)(f) GDPR. By using these tracking measures, we intend to ensure that our website is designed appropriately and that it is continuously optimised. We also use the tracking measures to record statistics pertaining to the use of our website and to evaluate these in order to optimise our website for you. These interests are considered legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

(1) Google Analytics

For the purpose of designing and continuously optimising our pages as required, we use Google Analytics, a web analysis service provided by Google Inc. (https://about.google/intl/en/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this context, pseudonymised user profiles are created and cookies (see section 8) are used. The information generated by the cookie about your use of this website, such as

  • Browser type/version
  • Operating system used
  • Referrer URL (the page visited previously)
  • Host name of the accessing computer (IP address)
  • Time of the server request

is transferred to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website use and Internet use for market research purposes and to design these Internet pages appropriately. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymised so that an assignment is not possible (IP masking). You can prevent the installation of cookies by

setting your browser software accordingly; we would, however, like to point out that in this case, you may not be able to use all functions of this website in full.

In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (incl. your IP address) as well as from processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this checkbox.

This sets an opt-out cookie to prevent future collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. For more information about data protection in relation to Google Analytics, see the Google Analytics Help page (https://support.google.com/analytics/answer/6004245?hl=en).

(2) Google Adwords Conversion Tracking

In order to record statistics pertaining to the use of our website and to evaluate these for the purpose of optimising our website for you, we also use Google Conversion Tracking. As part of this, Google Adwords sets a cookie (see Clause 8) on your computer if you have opened our website via a Google ad. These cookies expire after 30 days and are not used for personal identification purposes. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can see that the user has clicked on the ad and was forwarded to this page. Every Adwords customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will be informed of the total number of users who have clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can personally identify users. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this purpose – for example, setting your browser to generally disable the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's conversion tracking privacy policy can be found here (https://services.google.com/sitestats/en.html).

(3) Google AdWords Remarketing

Our website uses Google Adwords Remarketing Tags. Google Adwords Remarketing is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). For this purpose, cookies are stored on your computer and are used by Google to analyse the use of the website. The information generated by the cookie (including your IP address) is transmitted to and stored by Google on a server in the United States. Google then truncates the last three digits of the IP address. This means that a unique assignment of the IP address is no longer possible. Google will use this information to evaluate your use of the website, to compile reports on website activities for website operators and to provide other services related to website use and Internet use. In addition, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Third parties, including Google, place ads on websites on the Internet.

Third parties, including Google, use stored cookies to place ads based on previous visits by a user to this website. Under no circumstances will Google associate your IP address with other data collected by Google. Google is registered with the U.S. Department of Commerce's Safe Harbor program and adheres to the Privacy Policy of the US Safe Harbor Agreement.

You can object to the collection and storage of data at any time with effect for the future. You can disable Google's use of cookies by visiting the website for disabling Google Ads. Click here

However, we would like to point out that in this case you may not be able to use all functions of this website in full. By using this website, you agree to the processing of the data collected about you in the manner described above by Google and for the purpose stated above. 

(4) YouTube plugin, links to social media

(a) We do not use any Twitter or Instagram media plugins on our website. The icons shown are links to these social media sites only. Consequently, no data will be transferred to the servers of the above-mentioned providers unless you actively click on one of these links.

 (b) We have embedded YouTube videos in our online site. These are stored at http://www.youtube.com and can be played directly from our website. All of these are embedded in "privacy-enhanced mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data stated in Paragraph 2 be transferred. We have no influence on this data transfer.

(c) By visiting the website, YouTube will be informed that you have accessed the corresponding subpage of our website. In addition, the data stated under Point 2 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles, which it uses for advertising, market research and/or the design of its website. This kind of evaluation shall be carried out in particular (even for users who are not logged in) for the provision of appropriate advertising and in order to inform other users of the social network about your activities on our website. You are entitled to object to the formation of these user profiles. You must contact YouTube to exercise this right.

(d) For more information on the purpose and scope of the data collection and its processing by YouTube, see to the Privacy Policy. This also contains further information about your rights and setting options for protecting your privacy: https://policies.google.com/privacy?hl=en.

Google also processes your personal data in the United States and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(5) Commerce Connector

We use a tracking pixel from the company Commerce Connector GmbH, Eberhardstrasse 69-71, 70173 Stuttgart on our website.

The tracking pixel is a 1 x 1 pixel-sized graphic that is virtually invisible and has no relevant impact on loading times. The tracking pixel is activated only for customers who access our website via the link of a manufacturer who has integrated this pixel. Via the manufacturer, you can open the website of Commerce Connector GmbH, www.commerce.connector.com. For this purpose, the manufacturer uses the Commerce Connector buy now online software-based service in order to show visitors which online retailers stock a certain product for purchase. One of these online retailers is www.bike-components.de. If you have clicked on the manufacturer's link, Commerce Connector GmbH will store a cookie on your device for a limited period of time, which is usually seven days. If you make a purchase with us within this period, Commerce Connector GmbH can access the cookie to obtain information about your purchase from us as soon as you access our confirmation page.

The tracking pixel is used to communicate the following to the manufacturer via Commerce Connector: information about the shop ID, the EAN for each article, the quantity ordered, the net price (optional), the time of the order, the number of orders and the IP address of the customer or other user data or customer data. The tracking pixel is located on the website of Commerce Connector GmbH using only an HTML embed image tag. Anonymised sales statistics regarding individual products are generated using the purchase information.

For more information, see https://www.commerce-connector.com/web/en/policy-cco/

If you wish to disable the tracking system from Commerce Connector, you can do so via https://www.commerce-connector.com/web/en/policy-cco/

To disable this, please follow the instructions at the Commerce Connector URL specified.

(6) Hotjar (hotjar Ltd.)

This website uses the web analysis service Hotjar from Hotjar Ltd.. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel: +1 (855) 464-6788).

We use Hotjar to better understand the needs of our users and to optimise the offerings on this website.  Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and dislike, etc.) and helps us tailor our offerings to our users' feedback. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices (including, but not limited to, the IP address of the device (collected and stored only in an anonymous form), your email address, your first and last name if you provided it to us through our website, screen size, unique device identifiers, browser information, log data, location (country only), preferred language for viewing our website). In case of using Hotjar, we will store the pages visited, location (country only), preferred language and referring domains for displaying our website, as well as the date and time of your access to our website. Hotjar stores this information in a pseudonymous user profile.  The information will not be used by Hotjar or by us to identify individual users or merged with other data about individual users. With this tool, movements on the websites on which Hotjar is used can be traced (so-called heat maps). The above analysis is based on our legitimate interests for optimisation and marketing purposes and the design of our website in accordance with Art. 6(1)(f) GDPR. Areas of the website in which personal data is displayed by you or third parties are automatically hidden by Hotjar and are therefore not traceable at any time.

You may opt out of Hotjar's storage of a user profile and information about your visit to our website and Hotjar's use of tracking cookies on other websites by clicking this opt-out link https://www.hotjar.com/legal/compliance/opt-out. If you use our website with different browsers/computers, you must set up the "Hotjar Opt Out" separately for each of these browsers/computers.

Detailed instructions with information about your browser can be found at https://www.hotjar.com/opt-out

More information about Hotjar Ltd. and the Hotjar tool can be found at https://www.hotjar.com

The privacy policy of Hotjar Ltd. can be found at https://www.hotjar.com/privacy

10. Rights of data subjects

You have the right:

  • To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint with a supervisory authority, the origin of your data, if it has not been collected by us and the existence of automated decision-making processes including profiling in accordance with Art. 22(1) and (4) GDPR and meaningful information on the logic involved as well as the scope and intended impact of such processing on the data subject. You have the right to request information on whether the personal data concerning you has been transferred to a third country or to an international organisation. In this context, you may request that the appropriate guarantees be provided in accordance with Art. 46 GDPR in the context of the transfer;
  • To demand the immediate correction of inaccurate personal data or completion of personal data stored by us in accordance with Art. 16 GDPR;
  • To request the deletion of your personal data stored by us in accordance with Art. 17 GDPR in the following cases:
  1. The personal data pertaining to you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
  3. You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data pertaining to you is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.
  6. The personal data pertaining to you has been collected in relation to the information society services offered in accordance with Art. 8(1) GDPR;

If the data controller has made the personal data pertaining to you public and if it is obligated to delete it in accordance with Art. 17(1) GDPR, it shall take appropriate action, including technical measures, taking into account available technology and implementation costs, to inform data controllers that process the personal data that you, as the data subject, have requested that they delete all links to this personal data or any copies or replications of this personal data.

The right to deletion does not exist if processing is necessary

  1. For the exercise of the right to freedom of expression and information;
  2. For the fulfilment of a legal obligation that requires processing under the law of the Union or of the Member States to which the data controller is subject, or for the performance of a task that is in the public interest or in the exercise of public authority entrusted to the data controller;
  3. For reasons of public interest in the field of public health, in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. For archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the law referred to in Para. 1 is expected to make realising the objectives of this processing impossible or seriously impair it, or
  5. For the assertion, exercise or defence of legal claims.
  6. You can request that the processing of your personal data is restricted in accordance with Art. 18 GDPR, if
  7. You contest the accuracy of the personal data pertaining to you for a period of time that enables the data controller to verify the accuracy of the personal data;
  8. The processing is unlawful and you reject the deletion of the personal data and instead request the restriction of its use;
  9. The data controller no longer requires the personal data for the purposes of processing, however, you require it for the assertion, exercise or defence of legal claims, or
  10. You have objected to processing in accordance with Art. 21(1) GDPR and it is has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data pertaining to you has been restricted, such data – with the exception of its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted;

  • To receive the personal data that you have provided us with in a structured, accessible and machine-readable format or to request its transfer to another data controller in accordance with Art. 20 GDPR. Furthermore, you have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data has been provided, as long as
  1. Processing is based on consent pursuant to Art. 6(1)(A) GDPR or Art. 9(2)(a) GDPR or a contract pursuant to Art. 6(1)(b) GDPR and
  2. Processing is carried out using automated methods.

By exercising this right, you also have the right to have personal data pertaining to you transferred directly by one data controller to another data controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task that is in the public interest or in the exercise of public authority that has been entrusted to the data controller;

  • To withdraw any consent you have given us at any time in accordance with Art. 7(3) GDPR. If you do so, this means that in future we will no longer continue to process the data based on this consent.
  • To lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Usually, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

11. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for this which arise from your particular situation or if the objection is directed at direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation. If you would like to exercise your right of withdrawal or objection, it is sufficient to send an email to info@bike-components.de.

You can of course object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising via the email address above.

12. Data security

We use the commonly used SSL procedure (Secure Socket Layer) as part of visits to our website in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted in encrypted form by the closed key or padlock icon in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

13. Updates and modification of this Privacy Policy

This Privacy Policy is currently valid as of August 2019. The further development of our website and offers on it or changes in legal or regulatory requirements may necessitate changes to this Privacy Policy. You may download and print out the current Privacy Policy from our website https://www.bike-components.de/en/data-privacy/

at any time.

Our TÜV certified data protection officer

1. We employ our own TÜV certified data protection officer, who monitors compliance with the regulations. Our data protection officer will be pleased to answer any questions you may have at any time on datenschutz@bike-components.de

2. We process all data in house and thus do not operate any external call centre.

3. Never at any time do we contact you without your request.

4. We do not transfer or sell customer data.

5. The shipping company, which delivers your order, receives from us only the shipping address, which you supplied to us.