We process all data in-house – without involving an external call centre.
We will not contact you at any time unless you request us to do so.
We will never pass on or sell customer data.
We will only provide shipping partners with the shipping address you provide.
Our Data Protection Officer is in possession of a certificate from the TÜV.

"I've been working at bc for almost 20 years and I love helping my colleagues and our customers. As Data Protection Officer, I am the person who you should come to with anything relating to data protection. I also advise and monitor my colleagues and our management team regarding data protection. I would like to tell you, in a way that is as transparent as possible, how we deal with your data.

We fully appreciate that our privacy policy contains a lot of information and that some of the wording may be difficult to understand. So if you have any questions about our privacy policy or general questions about data protection at bc, please feel free to contact me by email: datenschutz@bike-components.de."

Stefan, our TÜV-certified Data Protection Officer
Welcome to bike-components.de! We are looking forward to you visiting our online shop. Of course, we also maintain our service promise to do all we can to provide everything you need for your bike and to protect your personal data (hereinafter referred to as "data" for short) too. We would like to assure you that we will take care of your data as responsibly as we take care of your bike. You can read exactly what this means and what rights you have here in our privacy policy.

1. Data controller and contact

We are, of course, the data controller and we will be happy to answer any questions you have at any time. In fact, bc GmbH & Co. KG is responsible for processing and protecting your data on bike-components.de (hereinafter referred to simply as "we" or "bc").

Where to find us and how to contact us:
bc GmbH & Co. KG
Commercial Register of Aachen HRA6179
VAT ID number DE191317292

Carlo-Schmid-Straße 12, 52146 Würselen, Germany
Email: info@bike-components.de
Phone: +49 (0)2405 – 450045
Fax: +49 (0)2405 – 450046

General partner:
bc Verwaltungs GmbH
Headquarters: Würselen
Commercial Register of Aachen HRB21024
Management: 
Philipp Simon

If you have any questions, please do not hesitate to contact our Data Protection Officer Stefan Sippel. You can contact him by email at datenschutz@bike-components.de.

2. Your visit to bike-components.de

When you visit one of our websites, information from your browser is automatically sent to our server. We only need this information to ensure that you can access our site properly. This relates to the following information, which we temporarily store in a so-called log file until it is automatically deleted:

●     IP address of your computer,

●     Date and time of your access,

●     Name and URL of the file you have retrieved,

●     Website from which you gain access (referrer URL),

●     The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We will only process this data in order to make your visit to our website as simple as possible for you from a technological point of view, specifically:

●     to ensure a smooth connection to our website,

●     to ensure that you can use our website in comfort,

●     to evaluate how secure and robust the system is and

●     for other administrative purposes.

The legal basis for processing data is Art. 6 Para. 1 (1) (f) of the General Data Protection Regulation (GDPR). Under no circumstances will we use the data collected to identify you as an individual.

We also use our website cookies and analysis services when there is a visit to our website.

3. Your log-in to bike-components

Having an account with bc means you can order even more easily and quickly. You will have all your orders, account and user data, your address book, password, newsletter subscription and your reviews at your fingertips.

To ensure that you can also use and access your account benefits, we store your registration data with each log-in in addition to the data mentioned under 2.:

●     Date and time of your log-in

●     First name and surname

●     Email

●     Password

●     Our current terms and conditions

We take care of your data, which is why our registration form is so encrypted that the data entered there cannot be viewed by third parties. Of course, you always have the right to change your log-in data.

We process your data strictly in accordance with Art. 6 Para. 1 (1) (b) of the GDPR and we need this data in order to be able to process your orders and subscriptions properly, as well as to mutually fulfil obligations arising from our order contracts.

If you place an order with us while you are logged in, we will store the data for as long as is set out under 4. If you were logged in without placing an order, we will store your registration data for as long as, from experience, we would expect you to place an order, but not for longer than three months.

4. Your purchase from bike-components

We will make sure that you receive all you need for your bike as soon as possible. And this is why we need data.

You can order from us either by using a customer account so that we store the data set out under 2. and 3. in order to process your order or you can order as a guest, meaning we will only store the data set out under 2. and the data from our order form. To prevent third parties from viewing your data, we have also encrypted our order form. To process your order, we store the following information:

●     Title, first name, surname,

●     Email address

●     Address

●     Phone number (if specified)

●     Date and time of the order

●     Ordered goods

●     Information about the payment method

We also save the text of the contract and our general terms and conditions in force at the time the contract is concluded.

Why do we need this data:

●     To make sure that you are our customer,

●     To be able to deliver the ordered goods to you and to be able to fulfil the contract,

●     To issue you with your invoice,

●     To process our entitlements to payment from you and to assert any other claims against you and

●     To keep you informed about your order.

Your data will be processed at your request and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes outlined for our mutual fulfilment of the obligations arising from the sales contract.

We store the data that we collect for the purposes of processing the sales contract until the statutory period of limitation has expired (three years after the end of the calendar year in which the claim arose and we became aware of the circumstances substantiating the claim and of your identity or would have become aware without gross negligence, Section 199 Para. 1 of the BGB (German Civil Code)). After that we delete it, unless we are obliged to store it for longer in accordance with Article 6 Para. 1 (1) (c) of the GDPR due to retention and documentation requirements under tax and commercial law (arising from the HGB (German Commercial Code), StGB (German Penal Code) or AO (German Fiscal Code)) or you have consented to your data being stored for a longer period in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.

5. Your newsletter subscription

Would you like to be kept up to date on all aspects of your bike? We will be happy to send you tips, product launches, brands and trends via our newsletter.

So if you subscribe to our newsletter and have thus consented in according with Art. 6 Para. 1 (1) (a) of the GDPR to us using your email address for this purpose, we will send you our news on a regular basis. The only information you will need to provide is your email address. You can write to us at any time: via the link at the end of each bc newsletter or you can write to us at info@bike-component.de.

6. What happens if you have questions about the contact form

If you have any questions, such as about your order or one of our items, we are always happy to help you via email, phone or chat. You can, of course, also contact us via our contact form.

We need you to provide a valid email address so that we can answer your query via the contact form on our website and assign it to you. All other information you provide in order to help us respond more quickly is voluntary. Data is processed as part of this process in accordance with Art. 6 Para. 1 (1) (a) of the GDPR based on your consent that you have given voluntarily. All data that we collect on the contact form will be deleted as soon as we have dealt with your query. Our contact form is also encrypted so that your data cannot be viewed by third parties.

7. What information is stored when you use payment service providers

You can pay us safely in different ways and choose the simplest method for you. We will not share your personal information with third parties unless:

1. It is permitted under law and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes of fulfilling contractual relationships with you. As part of this process, we use the data you provide:
1.1. To process your order.
1.2. To pass the data on to the shipping company responsible for delivery, as far as this is necessary for your goods to be delivered.
1.3. To process payments. For this purpose, we may pass on your payment data to our principal bank.

2. It is necessary to share your personal information in accordance with Art. 6 Para. 1 (1) (f) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding and legitimate interest in your data not being shared in the event that there is a legal obligation to share in accordance with Art. 6 Para. 1 (1) (c) of the GDPR and

3. You have expressly consented to this in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.

4. You select the PayPal payment method. Then we pass on the required data to PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; hereinafter referred to as PayPal). PayPal is run as a bank across the EU. The supervisory authority is the Luxembourg Banking Authority CSSF (Commission de Surveillance du Secteur Financier). The information that we automatically pass on to PayPal for the purposes of your payment transaction is usually first name and surname, street, house number, postcode, city, phone number and the data related to your order within the scope permitted by law.
4.1. If you use PayPal services, PayPal collects the following data from you:
4.1.1. Information on registration and use. If you do not have a PayPal account, you may need to provide your name, address, phone number, email address and other identifying information to set up an account, depending on the services you choose.
4.1.2. Information about transactions and experiences, such as the amount sent or requested, the amount paid for products or services, dealer information, including sources of payment used for the transaction, device information, technical usage data and location data.
4.1.3 Personal data of those participating in the transaction, i.e., data that you provide to PayPal about other participants in connection with the transaction.
4.1.4. All other data collected by PayPal can be found here.
4.2. For credit checking purposes, PayPal will pass your data on to credit agencies. These can also be found here.

5. You select the Amazon Pay method of payment. We will then pass your payment details onto amazon payments Europe s.c.a. as part of the payment process (38 avenue J.F.Kennedy, L-1855 Luxembourg; hereinafter referred to as amazon payments). Data passed to amazon payments is processed by amazon EU SARL, amazon Services Europe SARL and amazon Media EU SARL (all three are located at 38 avenue J.F. Kennedy, L-1855, Luxembourg). We will only share your data in order to process the payment with the payment service provider amazon payments and only if it is necessary.
5.1. Your data will be shared with amazon payments on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
5.2. You have the option to revoke your consent to your data being processed at any time. Your revocation does not affect the effectiveness of previous data processing operations.
5.3. Details on how to pay with amazon payments and their privacy policy can be foundhere.

6. You want to pay with your credit card. For this purpose, we rely on the payment service SIX Payment Services (Europe) S.A. (10, rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg; hereinafter referred to as SIX). If you have chosen this payment method, you will be transferred to the SIX payment page and we will send your data, email address or address, total amount, order date and time as well as order number/invoice number to SIX. Your data will be shared on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
6.1. The data shared shall be stored, processed and used within the scope permitted by law for risk assessment purposes. SIX decides whether the 3D Secure protocol needs to be run on the basis of the outcome of the risk assessment.
6.2. Please note the SIX Privacy Policy.
6.3. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.

7. If you have decided to pay with Klarna, we will pass on the data you provided to Klarna AB (Sveavägen 46,111 34 Stockholm, Sweden; hereinafter referred to as Klarna). Klarna is a provider of Internet-based payment methods, which offers you the invoice (14 days), direct debit and pay now payment methods.
If you decide to pay with Klarna (Klarna checkout solution), we will provide Klarna with the personal data required for processing: first name and surname, address, email address, IP address, telephone number, bank details as well as the data necessary to process the purchase on account such as item number, invoice amount and number of items such as VAT invoices, if applicable.
7.1. You also provide Klarna with personal data directly or indirectly, for example if you choose one of the Klarna payment options, contact Klarna or use the Klarna customer portal. Depending on the Klarna service you are using, you can share the following data:
7.1.1. Address information and contact information: name, date of birth, title, billing and delivery address, email address, mobile phone number
7.1.2. Payment information: debit and credit card details (card number, expiry date and CCV code), invoice data, account number
7.2. Depending on which Klarna services you choose, the following data may be collected:
7.2.1. Personal data and contact information such as name, date of birth, title, billing and delivery address, email address, mobile phone number
7.2.2. Information on goods/services
7.2.3. Financial information such as your income, any credit obligations and negative payment attributes
7.2.4. Historical information such as information about your purchases to date with Klarna, payment history and credit acceptance
7.2.5. Information about the interaction between you and Klarna
7.2.6. Information about the interaction between you and us
7.2.7. Device-related information such as IP address and browser settings
7.2.8. Location-related information such as geographical location
7.3 Klarna is itself responsible for the data received from you pursuant to the GDPR. You can read more about this in the Klarna Privacy Policy: https://www.klarna.com/uk/privacy-notice/ and https://www.klarna.com/sofort/datenschutz/ 
7.4. Data shall be transferred on the basis of Art. 6 Para. 1 (a) of the GDPR (consent) and Art. 6 Para. 1 (b) of the GDPR (processing for the purposes of fulfilling a contract).
7.5. The purpose of sharing data is in particular to verify identity, administer payments, prevent fraud and to carry out credit checks. Klarna collects information from credit agencies for the purpose of verifying identity and carrying out credit checks. In Germany, this may involve the following credit agencies:
7.5.1. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden;
7.5.2. Creditreform Boniversum GmbH Hellersbergstraße 11,41460 Neuss;
7.5.3. Deutsche Post Direkt GmbH , Junkersring 57,53844 Troisdorf;
7.5.4. Infoscore Consumer Data GmbH, Rheinstraße 99,76532 Baden-Baden;
7.5.5. Regis 24 GmbH, Wallstraße 58,10719 Berlin;
7.5.6. CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 Munich.
7.6. You can find more information about what the agencies do on the respective information sheets in accordance with Art. 14 of the GDPR:
7.6.1.https://www.schufa.de/en/
7.6.2. https://www.boniversum.de/eu-dsgvo/?lang=en
7.6.3. https://finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf
7.6.4. https://www.regis24.de/
7.6.5. https://www.crifbuergel.de/en/privacy
7.7. Klarna uses the agency ThreatMetrix, Inc. to prevent fraud. (160 W Santa Clara St. Suite 1400, San Jose, California 95113 USA; Processing Notice as PDF).
7.8. As part of the decision to draw up, implement and terminate the contract, Klarna also collects and uses information about your payment history to date and probability values relating to your future behaviour. The credit risk is assessed on the basis of mathematical and statistical processes employed by the credit agency. For this purpose, the personal data necessary for the purposes of the credit check, such as name, address and bank details, is shared with the credit agencies. Data is therefore collected, stored and transferred for the purposes of the credit check in order to avoid a default on payment and on the basis of Art. 6 Para. 1 (1) (b) of the GDPR and of Art. 6 Para. 1 (1) (f) of the GDPR. On the basis of this information, a statistical probability of defaulting on credit and thus your ability to pay is calculated. If the credit check is positive, you can place your order. If the credit check is negative, Klarna will inform you immediately as this means you are not deemed creditworthy.
7.9. You may revoke your consent at any time. Your revocation does not affect the effectiveness of previous data processing operations.
7.10. Klarna has a Data Protection Officer and a data protection department. You can contact them at any time by email:datenschutz@klarna.de.

Except in the aforementioned cases, we will not pass your data on to other third parties or use it for advertising purposes other than for the purposes of sending the newsletter to you, to which you will have consented. Bikers' word of honour. If we share your information with the aforementioned third parties, you can be sure that we have carefully selected and explicitly appointed them; they are bound by our instructions and are monitored regularly.

If our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we will inform you in the description of our offer, what the consequences are. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you specified in your order is outside the EEA. In addition, there must be an EU Commission adequacy decision in place for the country concerned. Where data will need to be transmitted in accordance with Art. 46 or Art. 47 or Art. 49 Para. 1 sub-paragraph 2, we will inform you about the consequences as part of our offer. The Commission has adopted adequacy decisions for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, USA (limited to the Privacy Shield framework). The Commission's comments on its adequacy decisions can be found here.
You can find statements and explanations about the EU-US Privacy Shield here.

8. Cookies and analysis services

Cookies are important – as a snack in between meals, but also for the usability of our website and your convenience when shopping in our online shop. You can find out about our cookies and our analysis services by reading our Cookie Policy.

9. You have control over your data

Your data belongs to you and we will be happy to provide you with information about what happens to it. That's why you always have the right:

●        under Art. 15 of the GDPR to request information about your data processed by us. In particular, you may request information about:
1. The processing purposes,
2. The categories of data,
3. The categories of recipients to whom the data has been or will be disclosed;
4. The envisaged retention period,
5. Your right to rectification, erasure, restriction of processing or right to object,
6. Your right to lodge a complaint with a regulatory authority,
7. The source of your data if it has not been collected by us,
8. The existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and meaningful information about the logic involved and the significance and envisaged consequences of such processing for you as the data subject,
9. Whether the data relating to you is transferred to a third country or to an international organisation. In that regard, under Art. 46 of the GDPR, you may request to be informed about the appropriate guarantees in connection with the transmission.

●        under Art. 16 of the GDRP to immediately request that data stored by us be corrected or completed.

●        under Art. 17 of the GDPR, you may request, in the following cases, that we delete the data that we have stored about you if:
1. The data concerning you is no longer necessary for the purposes for which we have collected it or processed it in any other way.
2. You are revoking your consent on the basis of which we process your data under Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of the GDPR and there is no other legal basis for processing.
3. You object under Art. 21 Para. 1 of the GDPR to your data being processed and there are no overriding legitimate reasons for processing, or you file an objection under Art. 21 Para. 2 of the GDPR.
4. The data relating to you has been processed illegally.
5. It is necessary to delete data relating to you in order to fulfil a legal obligation under EU law or the law of the Member States to which we as the data controller are subject.
6. The data relating to you has been collected in relation to the services provided by the information society under Art. 8 Para. 1 of the GDPR.

In the event that we as data controller have made your data public and are obliged under Art. 17 Para. 1 of the GDPR to delete the data, we will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the data, that you, as data subject, have requested that they delete all links to this data or copies or replications of this data.

However you shall have no right to deletion should processing be necessary
1. To exercise the right to freedom of expression and information;
2. To fulfil a legal obligation which requires processing under EU law or the law of the Member States to which we are subject, or to carry out a task which is in the public interest or which is carried out as part of exercising public authority which has been entrusted to us;
3. For reasons of public interest in the field of public health under Art. 9 Para.  2 (h) and (i) and Art. 9 Para. 3 of the GDPR;
4. For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Art. 89 Para. 1 of the GDPR, insofar as your right stated under Para. 1 is likely to make the realisation of the objectives of this processing impossible or seriously impair it, or
5. To assert, exercise or defend legal claims.

Under Art. 18 of the GDPR, you may request that restrictions are placed on your personal data being processed if

1. You dispute the accuracy of the data about you for a period of time that allows us to verify that the personal data is accurate;
2. Processing is unlawful and you decline to delete the personal data, instead requesting that restrictions are placed on how the data is used;
3. We no longer need the data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
4. You have filed an objection to processing under Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons for us as data controller outweigh your reasons.

In the event that restrictions have been placed on how data about you is processed, we may only process this data (storing the data aside) with your consent or to assert, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State.

In the event that restricted processing has been restricted in accordance with the above conditions, we will inform you before we remove the restriction;

●        under Art. 20 of the GDPR, you may receive your data that you have provided to us in a structured, standard and machine-readable format or request that the data be transferred to another data controller. In addition, you have the right to transfer this data to another data controller without any obstruction by us to whom you have provided the data, provided that
1. Processing is based on consent under Art. 6 Para. 1 (a) of the GDPR or Art. 9 Para. 2 (a) of the GDPR or on a contract under Art. 6 Para. 1 (b) of the GDPR and
2. Processing is carried out by means of automated processes.

In exercising this right, you also have the right to have the data about you transferred directly from us to another data controller, as far as it is technically feasible to do so. The freedoms and rights of other persons must not be affected by this process.

The right to data transfer shall not apply to personal data being processed that is necessary to perform a task which is in the public interest or which is carried out in the exercise of public authority that has been entrusted to us:

●        under Art. 7 Para. 3 of the GDPR, you may withdraw your consent at any time. As a result, we will not be permitted to continue processing data based on your consent in future and

●        under Art. 77 of the GDPR, you may complain to a regulatory authority. Normally you can contact the regulatory authority for your usual place of residence or workplace or for our company headquarters.

10. Your right to object

What should you do if you no longer want us to process your data? It's your prerogative, just let us know.
If we process your personal data based on legitimate interests under Art. 6 Para. 1 (1) (f) of the GDPR, you have the right under Art. 21 of the GDPR to file an objection to your data being processed, provided there are reasons to do so based on your particular circumstances or you are objecting to direct mail. In the latter scenario, you have a general right to object which we will act on without you needing to state a particular reason. If you would like to use your right to revoke your consent or your right to file an objection, send us an email to info@bike-components.de.

Of course, you can also object to your data being processed for the purposes of advertising and data analysis at any time. All you have to do is send us an email to info@bike-components.de.

11. Your data is safe

Safety and security is important for us, not only when out cycling, but also when processing your data.

During your visit to the bc website, we use the popular Secure Socket Layer (SSL) method in conjunction with the highest level of encryption that is supported by your browser. Typically, this will involve 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. The closed padlock or unbroken key icon in the address bar of your browser tells you whether a single page is transmitted in encrypted form.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties. To this end, we continuously improve our security measures in line with technological developments.

12. Validity of this privacy policy

As cyclists, we know how important it is to always keep up to speed, which is why we also like to make sure that we are up to date when it comes to data protection.

This privacy policy is currently valid and is dated November 2020. It may be necessary to change our privacy policy either because we are developing our website or our offers on the website for you or because of changes to legal or regulatory requirements. You can read our current privacy policy on our website at any time or even print it out and display it on your wall https://www.bike-components.de/en/data-privacy/.

We fully appreciate that this is a lot of information to take in and that some of the wording may be difficult to understand. So if you have any questions about our privacy policy or general questions about data protection at bc, please feel free to contact me by email: datenschutz@bike-components.de.